RE: using certificates in Outlook for encryption
From: Ted LeSueur (Ted_at_envoydata.com)
Date: 04/15/05
- Previous message: Steve Bostedor: "RE: using certificates in Outlook for encryption"
- Maybe in reply to: Stegman, William: "using certificates in Outlook for encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Apr 2005 14:49:29 -0700 To: "Steve Bostedor" <Steveb@tshore.com>, "Matt Parkins" <matt@the-parkins.co.uk>, <focus-ms@securityfocus.com>
The answer to your question is most definitely yes. The complication factor is added when you utilize Organizational or "Unknown keys". CA's like Verisign, Entrust, Comodo, etc... their public keys are distributed as part of an OEM solution which means that Grandma living in Idaho has to do one thing only and that is click the button that says send!!!!, the certificates are automatically recognized. The complication is that Grandson living in Phoenix, doesn't want to pay for a certificate from these CA's he wants to use a free one, or one that was generated for him at work. Well these kind of certificates are not inherently recognized and trusted. Therein lies the complication. Hope the helps.
-----Original Message-----
From: Steve Bostedor [mailto:Steveb@tshore.com]
Sent: Friday, April 15, 2005 1:22 PM
To: Matt Parkins; focus-ms@securityfocus.com
Subject: RE: using certificates in Outlook for encryption
Is it just me or is this all overly complicated for the target audience.
I deal with CEO's and upper management personell all of the time and
they don't know what a public key is from a head gasket. How is this
technology ever supposed to get out of the gate if it's so complicated?
(to them, not to me! *cough*)
Are there any third party solutions that set this all up for companies
and make it very point and click? It should also be compatable so that
if someone wanted your public key, it would be easily obtainable by a 75
year old grandma from Idaho.
Steve Bostedor
http://www.vncscan.com
VNCScan Enterprise Console
No added fat! No preservatives!
> -----Original Message-----
> From: Matt Parkins [mailto:matt@the-parkins.co.uk]
> Sent: Friday, April 15, 2005 11:44 AM
> To: focus-ms@securityfocus.com
> Subject: RE: using certificates in Outlook for encryption
>
>
> Easy:
>
> - Open the e-mail, right click on the user, select 'add to
> contacts' (update the contact's details if the contact
> already exists)
>
> - Go to contacts and open the contact, go to the certificate
> tab the contact's public key(s) should be listed right there.
>
> Matt Parkins
> Senior Programmer
>
> -----Original Message-----
> From: Andrew Sciberras [mailto:andrewsciberras@gmail.com]
> Sent: 14 April 2005 23:13
> To: Stegman, William
> Cc: focus-ms@securityfocus.com
> Subject: Re: using certificates in Outlook for encryption
>
> Hi,
>
> Encrypting an email is (in very simple terms) the act of you
> encrypting the message with someone else's public key, thus
> ensuring that the only person that can read it is the owner
> of the private key. This should only correspond to 1 entity,
> your recipient.
>
> Generally, outlook will obtain public keys of other people
> from their certificate. So, once you store another's persons
> certificate within your store (generally from an email that
> they've sent you) you will then possess all of the technical
> pieces of information to send them an encrypted message.
>
> What might be failing is policy related checking... Possibly:
> * Does the recipient's certificate contain an email address
> that matches
> (exactly) the email address that you are using in your email to them?
> * Does the recipient's certificate contain a keyUsage or
> extendedKeyUsage field? And if so, does this usage include
> the digital signature choice?
> * Does your system trust the CA certificate that issued the
> Certificate? (Im assuming it does)
>
> I would really be looking out for the matches in email
> addresses first.
>
>
> Andrew Sciberras
> eB2Bcom
>
> Stegman, William wrote:
>
> >I have an enterprise PKI setup in our win2k active dir
> domain, and have
> been issuing user certificates for authentication, efs, and
> email encryption. I've got wireless working fine with the
> certs, and signing messages from outlook works ok too, but
> when trying to encrypt the messages for others to view, I'm
> missing something. Everything I keep reading only brushes
> over the fact that you can send your public key in an email
> message to your intended recipient so he/she can later read
> your encrypted messages, but once I receive that public key
> through a singed email, there's nothing I can really do with
> it as far as I can tell. The messages are being sent to
> users who have obtained private keys from the same source,
> the AD enterprise CA. I've posted some notes on MS's
> community newsgroups, but no bites. The outlook clients
> range from 2000 to 2003, I've got the certificates configured
> in outlook's security tab, I think I'm just missing the
> public key part......
> >
> >Thank you,
> >
> >William Stegman - Network Administrator TransCore - Hummelstown
> >Phone: 717-561-5931
> >Fax: 717-564-8439
> >william.stegman@transcore.com
> >
> >
> >-------------------------------------------------------------
> ----------
> >----
> >-------------------------------------------------------------
> --------------
> >
> >
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Steve Bostedor: "RE: using certificates in Outlook for encryption"
- Maybe in reply to: Stegman, William: "using certificates in Outlook for encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
