Re: Sending email securely

From: Chris Jackson (chrisj_at_mvps.org)
Date: 09/19/03


Date: Fri, 19 Sep 2003 16:14:07 -0400


In order to secure your email, you are going to have to use encryption where
you have matching implementations at both the client and the server. I have
used PGP implementations in the past. The new version of Outlook will be
using Windows Rights Management, which you can dig into here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rms_sdk/htm/windowsrightsmanagementservicessdk.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/drmclsdk/htm/windowsrightsmanagementclientsdk.asp

There are certainly other encryption providers, these are just the two that
I am familiar with. The choice really depends on what your clients already
have or are willing to install in order to read email from you.

If your clients are unwilling or unable to install new software, you merely
need to think outside of the box. For example, you could email a link to an
https site, where you authenticate them and then enable them to view and
download your payload over an encrypted channel.

-- 
Chris Jackson
Software Engineer
Microsoft MVP - Windows XP
Windows XP Associate Expert
-- 
"Michael" <mgrafton@innervateinc.com> wrote in message
news:128f01c37ebc$65e90fb0$a401280a@phx.gbl...
> I have a .net application that employs asp.net, vb.net
> and sql server.  The application is secured at client
> sites through their firewall.  We want to add
> functionality that will automatically trigger emails
> (potentially with report attachments) that are sent to
> people outside of the firewall.  The data is extremely
> sensitive. What is the best/reccommended way to secure
> the email and any attachemnts.  Articles sites etc. would
> be greatly appreciated.


Relevant Pages

  • Re: Socket Server with Encryption help
    ... Before the client ... Authentication protocols are fiercely difficult to get right. ... by Needham and Schroeder "Using encryption for authentication in large ... Client connects into Server and Server accepts the connection. ...
    (microsoft.public.dotnet.security)
  • Re: Auto-update protocol
    ... to transfer even with a single client and no interference. ... shared secret/public key is the only way to do the encryption. ... successfully decryption is the authentication. ... you can get using a generic farm server, but TFTP does not have any ...
    (comp.arch.embedded)
  • Re: Hardcoding RijndaelManaged Keys
    ... > Hardcoding keys into your application is not a very secure solution at ... otherwise there is no possible way for the server to decrypt the client's ... > Signatures and encryption solve two different problems. ... hardcoding your key into a client application. ...
    (microsoft.public.dotnet.security)
  • Question on client/server application
    ... (one will act as a simple TCP server and the other will be a simple ... TCP client). ... What is the simplest way for me to implement a secure connection ... There are plenty of encryption libraries out ...
    (comp.lang.pascal.delphi.misc)
  • RE: Implementing RSACryptoServiceProvider *and* JavaScript
    ... JavaScript: hashing, synchronous encryption, and asynchronous ... This will enable me to ensure security between the client ... Send these back to the server. ...
    (microsoft.public.dotnet.framework.aspnet.security)