jskfan

asked on

exchange secure emails

I would like to know how to set up Exchange Server so that all emails going outside/inside the organization are secure.
I have heard of S/MIME and SSL, but don't know the difference and how to implement them.

any help??

thanks
ATIG

:)

There are a number of ways to secure messages.

1. TLS, which is server to server and point to point
Let's say you want to email another email domain, i.e. Microsoft.com. You can configure a connector for that name that uses TLS. This would protect a message between servers but not end to end.

2. S/MIME
This allows a user to sign or encrypt a message, providing end-to-end security (encrypting) and non-repudiation (signing).
S/MIME uses certificates to provide signing/encrypting.
This can become interesting to deploy because users will need access to the other user's key.

User1 wants to send an encrypted message to User2.
User1 would need a copy of User2's public key to encrypt the message.
-- how can User1 get this
a. They are on the same email system and User2 has the key published
b. User2 has access to a directory where the cert is published
c. User1 has sent User2 a signed message and User2 has saved this to their contacts

http://en.wikipedia.org/wiki/S/MIME
http://en.wikipedia.org/wiki/Transport_Layer_Security
jskfan

ASKER

this link talks about the S/MIME method with snapshots
http://www.petri.co.il/configure_message_security_in_exchange_2003.htm
Avatar of jskfan

ASKER

I appreciate your explanation above, but when should someone use SSL and when should he use S/MIME??

SSL is part of the PKI infrastructure and uses certificates to protect transmissions.

An easy example of this would be a website https://x.y
http://www.webopedia.com/TERM/S/SSL.html

That site is using SSL to protect the communication between the client and server

To secure protocols like POP, IMAP, HTTP to use an SSL certificate

S/MIME utilizes a PKI infrastructure (certs)

Here is a book talking about securing Exchange: http://www.amazon.com/CYA-Securing-Exchange-Server-Outlook/dp/1931836248
jskfan

ASKER

ATIG:
according to what you said SSL or S/MIME sound the same.

can you illustrate the difference please?

Yes and no..... they both use certificates/PKI to operate and they both do provide similar functionality but are 2 different items

S/MIME uses a control in the client that allows Outlook or OWA to utilize a cert assigned to a user
Let's use a smart card since that's what I deal with every day.
Joe has Card1
Sue has Card2
Each user has been given a physical card (does not have to be this way but what I am using) which hosts a public and private key (Cert)
--------------------------
Encryption
Joe wants to send a message to Sue that is encrypted -- Joe would need access to Sue's public key to encrypt the message; this can be done in a few ways.
Sue is the only one who can open the message since she is the only user with the private key
Thus protecting the message since Sue is the only one who can open it
---------------
Signing
Joe wants to send a signed message to Sue
Joe uses his private key, which only Joe has (on his card), and signs the message. When Sue receives the message she can validate the sender was Joe since he is the only user with the private key. The signed message only states it was from Joe, but the data could have been manipulated since it was not protected, so it only validates who the sender of the message was

SSL/PKI
----------------------
Is the generic mechanism that we use with a PKI infrastructure

HTTPS - Uses SSL , the website has a Cert (pub and private key) and works like I described with the users above

Think of the term of SSL as a general description  or a mechanism that we use to secure web sites, with S/MIME, and smart card logon

S/MIME was developed by RSA to protect the transmissions of electronic messages.

SSL gets used a lot by people to be generic...

Does that clear it up a bit more?
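
The Joe and Sue exchange from the post above, run with the OpenSSL command line. This is an added example, not part of the original thread; the names, the `example.test` addresses and the self-signed certificates (standing in for certificates issued by a real PKI) are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: joe/sue and example.test are made-up; self-signed
# certificates stand in for the certificates a PKI would issue.
smime_demo() {
  d=$(mktemp -d) || return 1
  for u in joe sue; do   # one key pair + certificate per user (the "card")
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$u/emailAddress=$u@example.test" \
      -keyout "$d/$u.key" -out "$d/$u.crt" 2>/dev/null || return 1
  done
  printf 'Meet at 10:00\n' > "$d/msg.txt"

  # Signing: Joe uses HIS private key.
  openssl smime -sign -in "$d/msg.txt" -signer "$d/joe.crt" \
    -inkey "$d/joe.key" -out "$d/signed.eml" 2>/dev/null || return 1
  # Encryption: Joe uses SUE's certificate (public key) as the recipient.
  openssl smime -encrypt -aes256 -in "$d/signed.eml" -out "$d/enc.eml" \
    "$d/sue.crt" 2>/dev/null || return 1

  # Sue's private key opens the message ...
  if openssl smime -decrypt -in "$d/enc.eml" -recip "$d/sue.crt" \
       -inkey "$d/sue.key" -out "$d/dec.eml" 2>/dev/null
  then r="sue_decrypt=ok"; else r="sue_decrypt=fail"; fi
  # ... Joe's key does not, even though he wrote it.
  if openssl smime -decrypt -in "$d/enc.eml" -recip "$d/joe.crt" \
       -inkey "$d/joe.key" -out /dev/null 2>/dev/null
  then r="$r joe_decrypt=ok"; else r="$r joe_decrypt=fail"; fi
  # Sue checks the signature, trusting Joe's certificate directly.
  if openssl smime -verify -in "$d/dec.eml" -CAfile "$d/joe.crt" \
       -out "$d/out.txt" 2>/dev/null
  then r="$r verify=ok"; else r="$r verify=fail"; fi
  # The same check on a copy whose body was edited after signing.
  sed 's/10:00/11:00/' "$d/dec.eml" > "$d/tampered.eml"
  if openssl smime -verify -in "$d/tampered.eml" -CAfile "$d/joe.crt" \
       -out /dev/null 2>/dev/null
  then r="$r tampered=ok"; else r="$r tampered=fail"; fi
  rm -rf "$d"
  echo "$r"
}
smime_demo
```
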
jskfan

ASKER

SSL  is to secure two applications
S/MIME is to secure messages
IPSEC is to secure the whole network

correct?