Re: E-mail encryption. Is this right? Isn't it a security hole?

From: Michel Gallant (MVP) (neutron@istar.ca)
Date: 10/10/02 

Date: Thu, 10 Oct 2002 10:38:02 -0400
From: "Michel Gallant (MVP)" <neutron@istar.ca>

as a further comment on security in general, read the **Conclusion** section
of this white paper on .net security:
 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/net/evaluate/fsnetsec.asp

The concepts translate into almost any area of technology security.

Regarding protecting your private keys, a good model is to never store your
private keys on a local computer (even if you don't use smartcard tech.). Use
your keys (email, codesigning whatever), then export as pfx and back-up, and
save in a few different secure locations. Import the pfx as needed, or better yet,
use CAPICOM 2 and use the pfx file directly off the removeable medium.
Some very useful info. on this in Win2000 ResKit docs.

 - Michel Gallant MVP Security

Microsoft wrote:

> When I send an encrypted e-mail I use the receivers public key to achieve
> the encryption.
>
> When the receiver reads the encrypted e-mail uses his/her private key.
>
> If the receivers certificate is revoked then the sender gets an error
> message when trying to encrypt the e-mail. Obviously the senders client
> reads the CRL (Certificate Revocation List) from the Certificates CDP
> (Certificate Revocation List Distribution Point). That's right!!!
>
> But look what happens in another situation.
>
> If receivers certificate has been revoked after the sender has sent the
> encrypted e-mail, then the receiver can read the encrypted e-mail, by using
> the revoked certificate as it was a valid one.
>
> So suppose that someone gets my private key (smart card - PIN) and succeeds
> to read my mailbox. Then he/she can read my encrypted e-mails. Even If i
> revoke my certificate I can't stop him/her from reading my encrypted
> e-mails.
>
> That happens because when the receiver tries to read the encrypted e-mail
> the mail client ignores the CRL.
>
> Is this right? Isn't it a security hole?

Relevant Pages

  • S/MIME encryption and automatic certificate selection
    ... If I want to send an encrypted e-mail to someone (let's ... call him Bob), the usual way is the following: ... Bob's certificate, and Bob's certificate is automatically added to the ... and correspondants certificates) and private keys. ...
    (microsoft.public.platformsdk.security)
  • Re: E-mail encryption. Is this right? Isnt it a security hole?
    ... >encrypted e-mail, then the receiver can read the encrypted e-mail, by using ... >the revoked certificate as it was a valid one. ... and if the receiver has decrypted your e-mail before the certificate has ... >revoke my certificate I can't stop him/her from reading my encrypted ...
    (microsoft.public.security)
  • Re: E-mail encryption. Is this right? Isnt it a security hole?
    ... I don't think certificate revocation is meant to handle situations where you ... Loose your private key and all bets are off! ... > When the receiver reads the encrypted e-mail uses his/her private key. ...
    (microsoft.public.security)
  • Re: CA, Certificates, some clearification
    ... No, the user certificate is stored on the AD user object, not the ... Private keys do not roam between machines for users unless you are using ... If the certificate is stored in> the user account, if the user moves between multiple machines, does he have> access to his public and private keys? ... > MMC on the server there is a pending request, why is it trying to create a> certificate for basic file encryption when i already have a certificate that> supports file encryption? ...
    (microsoft.public.win2000.security)
  • Re: simple question about certificate chains
    ... Meant SSL of cource. ... The key to the whole certificate idea is keeping private keys private! ... You might be amazed at the effort that the certificate authorities such as ...
    (alt.computer.security)
Quantcast