There are a few products out there which make it relatively easy to send and
receive your e-mail securely.
- Izemail (http://www.izecom.com). Really easy to use. s/mime based
so compatible with most clients
- Voltage (http://www.voltage.com). Uses a proprietary protocol
(haven't tried it myself)
- Securedemail (https://www.securedemail.org). Uses a proprietary
protocol
Regards
MITM
----- Original Message -----
From: "Steve Bostedor" <Steveb (at) tshore (dot) com [email concealed]>
To: "Matt Parkins" <matt (at) the-parkins.co (dot) uk [email concealed]>; <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Friday, April 15, 2005 22:22
Subject: RE: using certificates in Outlook for encryption
> Is it just me or is this all overly complicated for the target audience.
> I deal with CEO's and upper management personell all of the time and
> they don't know what a public key is from a head gasket. How is this
> technology ever supposed to get out of the gate if it's so complicated?
> (to them, not to me! *cough*)
>
> Are there any third party solutions that set this all up for companies
> and make it very point and click? It should also be compatable so that
> if someone wanted your public key, it would be easily obtainable by a 75
> year old grandma from Idaho.
>
> Steve Bostedor
> http://www.vncscan.com
> VNCScan Enterprise Console
> No added fat! No preservatives!
>
>
>
>> -----Original Message-----
>> From: Matt Parkins [mailto:matt (at) the-parkins.co (dot) uk [email concealed]]
>> Sent: Friday, April 15, 2005 11:44 AM
>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: RE: using certificates in Outlook for encryption
>>
>>
>> Easy:
>>
>> - Open the e-mail, right click on the user, select 'add to
>> contacts' (update the contact's details if the contact
>> already exists)
>>
>> - Go to contacts and open the contact, go to the certificate
>> tab the contact's public key(s) should be listed right there.
>>
>> Matt Parkins
>> Senior Programmer
>>
>> -----Original Message-----
>> From: Andrew Sciberras [mailto:andrewsciberras (at) gmail (dot) com [email concealed]]
>> Sent: 14 April 2005 23:13
>> To: Stegman, William
>> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: Re: using certificates in Outlook for encryption
>>
>> Hi,
>>
>> Encrypting an email is (in very simple terms) the act of you
>> encrypting the message with someone else's public key, thus
>> ensuring that the only person that can read it is the owner
>> of the private key. This should only correspond to 1 entity,
>> your recipient.
>>
>> Generally, outlook will obtain public keys of other people
>> from their certificate. So, once you store another's persons
>> certificate within your store (generally from an email that
>> they've sent you) you will then possess all of the technical
>> pieces of information to send them an encrypted message.
>>
>> What might be failing is policy related checking... Possibly:
>> * Does the recipient's certificate contain an email address
>> that matches
>> (exactly) the email address that you are using in your email to them?
>> * Does the recipient's certificate contain a keyUsage or
>> extendedKeyUsage field? And if so, does this usage include
>> the digital signature choice?
>> * Does your system trust the CA certificate that issued the
>> Certificate? (Im assuming it does)
>>
>> I would really be looking out for the matches in email
>> addresses first.
>>
>>
>> Andrew Sciberras
>> eB2Bcom
>>
>> Stegman, William wrote:
>>
>> >I have an enterprise PKI setup in our win2k active dir
>> domain, and have
>> been issuing user certificates for authentication, efs, and
>> email encryption. I've got wireless working fine with the
>> certs, and signing messages from outlook works ok too, but
>> when trying to encrypt the messages for others to view, I'm
>> missing something. Everything I keep reading only brushes
>> over the fact that you can send your public key in an email
>> message to your intended recipient so he/she can later read
>> your encrypted messages, but once I receive that public key
>> through a singed email, there's nothing I can really do with
>> it as far as I can tell. The messages are being sent to
>> users who have obtained private keys from the same source,
>> the AD enterprise CA. I've posted some notes on MS's
>> community newsgroups, but no bites. The outlook clients
>> range from 2000 to 2003, I've got the certificates configured
>> in outlook's security tab, I think I'm just missing the
>> public key part......
>> >
>> >Thank you,
>> >
>> >William Stegman - Network Administrator TransCore - Hummelstown
>> >Phone: 717-561-5931
>> >Fax: 717-564-8439
>> >william.stegman (at) transcore (dot) com [email concealed]
>> >
>> >
>> >-------------------------------------------------------------
>> ----------
>> >----
>> >-------------------------------------------------------------
>> --------------
>> >
>> >
>>
>>
>> --------------------------------------------------------------
>> -------------
>> --------------------------------------------------------------
>> -------------
>>
>>
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
>
There are a few products out there which make it relatively easy to send and
receive your e-mail securely.
- Izemail (http://www.izecom.com). Really easy to use. s/mime based
so compatible with most clients
- Voltage (http://www.voltage.com). Uses a proprietary protocol
(haven't tried it myself)
- Securedemail (https://www.securedemail.org). Uses a proprietary
protocol
Regards
MITM
----- Original Message -----
From: "Steve Bostedor" <Steveb (at) tshore (dot) com [email concealed]>
To: "Matt Parkins" <matt (at) the-parkins.co (dot) uk [email concealed]>; <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Friday, April 15, 2005 22:22
Subject: RE: using certificates in Outlook for encryption
> Is it just me or is this all overly complicated for the target audience.
> I deal with CEO's and upper management personell all of the time and
> they don't know what a public key is from a head gasket. How is this
> technology ever supposed to get out of the gate if it's so complicated?
> (to them, not to me! *cough*)
>
> Are there any third party solutions that set this all up for companies
> and make it very point and click? It should also be compatable so that
> if someone wanted your public key, it would be easily obtainable by a 75
> year old grandma from Idaho.
>
> Steve Bostedor
> http://www.vncscan.com
> VNCScan Enterprise Console
> No added fat! No preservatives!
>
>
>
>> -----Original Message-----
>> From: Matt Parkins [mailto:matt (at) the-parkins.co (dot) uk [email concealed]]
>> Sent: Friday, April 15, 2005 11:44 AM
>> To: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: RE: using certificates in Outlook for encryption
>>
>>
>> Easy:
>>
>> - Open the e-mail, right click on the user, select 'add to
>> contacts' (update the contact's details if the contact
>> already exists)
>>
>> - Go to contacts and open the contact, go to the certificate
>> tab the contact's public key(s) should be listed right there.
>>
>> Matt Parkins
>> Senior Programmer
>>
>> -----Original Message-----
>> From: Andrew Sciberras [mailto:andrewsciberras (at) gmail (dot) com [email concealed]]
>> Sent: 14 April 2005 23:13
>> To: Stegman, William
>> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
>> Subject: Re: using certificates in Outlook for encryption
>>
>> Hi,
>>
>> Encrypting an email is (in very simple terms) the act of you
>> encrypting the message with someone else's public key, thus
>> ensuring that the only person that can read it is the owner
>> of the private key. This should only correspond to 1 entity,
>> your recipient.
>>
>> Generally, outlook will obtain public keys of other people
>> from their certificate. So, once you store another's persons
>> certificate within your store (generally from an email that
>> they've sent you) you will then possess all of the technical
>> pieces of information to send them an encrypted message.
>>
>> What might be failing is policy related checking... Possibly:
>> * Does the recipient's certificate contain an email address
>> that matches
>> (exactly) the email address that you are using in your email to them?
>> * Does the recipient's certificate contain a keyUsage or
>> extendedKeyUsage field? And if so, does this usage include
>> the digital signature choice?
>> * Does your system trust the CA certificate that issued the
>> Certificate? (Im assuming it does)
>>
>> I would really be looking out for the matches in email
>> addresses first.
>>
>>
>> Andrew Sciberras
>> eB2Bcom
>>
>> Stegman, William wrote:
>>
>> >I have an enterprise PKI setup in our win2k active dir
>> domain, and have
>> been issuing user certificates for authentication, efs, and
>> email encryption. I've got wireless working fine with the
>> certs, and signing messages from outlook works ok too, but
>> when trying to encrypt the messages for others to view, I'm
>> missing something. Everything I keep reading only brushes
>> over the fact that you can send your public key in an email
>> message to your intended recipient so he/she can later read
>> your encrypted messages, but once I receive that public key
>> through a singed email, there's nothing I can really do with
>> it as far as I can tell. The messages are being sent to
>> users who have obtained private keys from the same source,
>> the AD enterprise CA. I've posted some notes on MS's
>> community newsgroups, but no bites. The outlook clients
>> range from 2000 to 2003, I've got the certificates configured
>> in outlook's security tab, I think I'm just missing the
>> public key part......
>> >
>> >Thank you,
>> >
>> >William Stegman - Network Administrator TransCore - Hummelstown
>> >Phone: 717-561-5931
>> >Fax: 717-564-8439
>> >william.stegman (at) transcore (dot) com [email concealed]
>> >
>> >
>> >-------------------------------------------------------------
>> ----------
>> >----
>> >-------------------------------------------------------------
>> --------------
>> >
>> >
>>
>>
>> --------------------------------------------------------------
>> -------------
>> --------------------------------------------------------------
>> -------------
>>
>>
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]