RE: PGP and Outlook

From: Brian A. Reiter (breiter_at_wolfereiter.com)
Date: 01/15/05

  • Next message: Don Gray: "RE: local admin vs group policy and apps..." 
    To: <halln@otc.edu>, <focus-ms@securityfocus.com>
Date: Fri, 14 Jan 2005 22:47:42 -0500

    > Outlook supports digital IDs from Geotrust and Verisign,
    > but I would like to find something that will let our students
    > participate in using the digital signatures without having to
    > pay for one and with the adjunct faculty we hire on a per
    > semester basis, the benefit of using digital signatures would
    > be overcome by the cost.

    MIT provides a free version of the commercially licensed PGP for Win32
    [http://www.pgp.com]. I have tried the MIT PGP 6.5 distribution (which
    includes a plug-in for Outlook) [http://web.mit.edu/network/pgp.html] but it
    did not work properly unless the login account on the Windows box is a
    member of the Administrators group.

    I also tried the GNU Privacy Guard (GPG) plug-in for Outlook
    [http://www3.gdata.de/gpg/download.html] which depends on GPG for Win32
    [http://www.gnupg.org/(en)/download/index.html]. This plug-in simply didn't
    work for me at all and the user interface was broken, perhaps also not
    designed to run as a non-admin.

    On the other hand S/MIME support is built right in to Outlook and most other
    email clients. The problem is the cost of having a trusted certificate
    authority generate keys for the client. I have found Thawte Freemail "web of
    trust" to be a good solution. Perhaps it will work for your situation.

    Thawte will issue S/MIME certificates free-of-charge. Basic certificates are
    free and only certify the email address. There is a web-based personal
    certificate manager for revoking and issuing new certificates.

    There is also a mechanism for acquiring an account that identifies a real
    identity instead of just an email address, but it requires that an applicant
    be certified by other previously certified account holders in his/her
    location. Hence, "web of trust". In practice, this is a lot of rigmarole and
    I wonder how useful for most applications.

    [http://www.thawte.com/wot/]

    Brian A. Reiter
    WolfeReiter, LLC [http://www.wolfereiter.com]

  • Next message: Don Gray: "RE: local admin vs group policy and apps..."

    Relevant Pages

    • Help needed with Certificates (Digital IDs)
      ... I am running MS Outlook 2003 and am trying to sign an email which I ... I have created my own self-certificate using the programme "EldoS PKI ... because you have no certificates which can be used to send from the ... Get a new Digital ID to use with this account. ...
      (microsoft.public.outlook.general)
    • Help needed with Certificates (Digital IDs)
      ... I am running MS Outlook 2003 and am trying to sign an email which I ... I have created my own self-certificate using the programme "EldoS PKI ... because you have no certificates which can be used to send from the ... Get a new Digital ID to use with this account. ...
      (microsoft.public.outlook)
    • "Invaild Certificate" Error Message
      ... I am currently using Outlook XP (Small Business) on my personal home ... I installed the CAC reader hardware and then installed my business DoD PKI ... certificates onto my home computer as well was the various DoD Class ... Outlook XP and attempt to send an email, I receive an Outlook error message: ...
      (microsoft.public.outlook.general)
    • RE: using certificates in Outlook for encryption
      ... using certificates in Outlook for encryption ... And finally is not necessary to send your public key to intended recipient. ...
      (Focus-Microsoft)
    • Re: Signed Email w/Exchange 2003, Windows 2003 PKI
      ... you might do well to use email certificates ... the signatures. ... Outlook, Netscape & Mozilla, Mail.app and others have ... of the person using the cert. ...
      (Focus-Microsoft)