Solved

Certificate Purposes

Posted on 2008-06-13
7
1,649 Views
Last Modified: 2008-07-05
Hello,

I have a personal email signing certificate from Thawte. The certificate is issued in my name. The certificate is installed in the system.

If I look at the certificate from Internet Explorer Options/Content/Certificates, or from MMC, I see two purposes of the certificate: "proves your identity to a remote computer" and "Protects email messages".
But if I send an email signed with this certificate, and then look at the certificate already in the email (sent or received - same thing), I see only purpose "Protects email messages". Same in Outlook and in Outlook Express.

Why I don't see "proves your identity" purpose in the certificate in email?
0
Comment
Question by:Vadim Rapp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 21784588
The identity purpose is used for remote access to systems, not for signing email.

J.
0
 
LVL 40

Author Comment

by:Vadim Rapp
ID: 21784929
http://technet2.microsoft.com/windowsserver/en/library/2746cc74-5401-443b-898f-5dc53b1cbcb01033.mspx?mfr=true says

-------------------
Certificates issued to persons
Once you have purchased a certificate and you use it to digitally sign an e-mail message, the message recipient can verify that the message has not been altered during transit and that the message came from you
-------------------

What purpose is used to "verify that the message came from you"?

Thawte website says:

http://www.thawte.com/secure-email/web-of-trust-wot/index.html?click=main-nav-products-wot
-------------------------------
The thawte Web of Trust (WOT) is a Certification system that allows your identity to be validated for use in your Personal Certificate.

Join for free and:

    * Sign your mail
.....
-------------------------------------

so, Thawte is giving inaccurate information, and in fact you can't sign your email with their certificate?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 21785016
I think you read this wrong. That's the second purpose: 'Protect email message'. By signing it you also verify your identity, because you have the certificate with the private key.
Signing an email and validating your identity to a remote system are two diferent purposes with the same goal.

J.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 40

Author Comment

by:Vadim Rapp
ID: 21785171
I understand that "protect email message" means that certificate ensures that the email has not been tampered with wince it left the sender.

But I'm interested in the 2nd purpose. On Thawte, you can get generic email certificate issued to "email user" that protects email message; but you can go further and acquire your personal certificate by showing your id to their notary - see "web of trust" above. Then you get your personal certificate issued to your real name. That, as I understand, is what is achieved by the purpose "proves your identity", and that's what Thawte means when they say "allows your identity to be validated for use in your Personal Certificate". What I don't understand is how sender's identity can be validated by the recipient if the certificate does not say that it can be used for this purpose.
0
 
LVL 40

Author Comment

by:Vadim Rapp
ID: 21832171
Discussing this in security-related newsgroup gained much more results.

http://groups.google.com/group/microsoft.public.security/browse_thread/thread/43c941fb3bad6020/c4d142ac3162877f
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 21834015
I'm sorry, I forgot to continu on this question. Agree the closure.

J.
0
 
LVL 40

Accepted Solution

by:
Vadim Rapp earned 0 total points
ID: 21834105
if you still have input, we can continue - even though the discussion in the newsgroup gained many responses, there was no final explanation of what actually happened. If you read my last post in there, with the examples about government official and about recording studio, you will see.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
disable USB on Dell Printers 14 40
harden EXCH2013 7 57
Software to manage all passwords for our IT dept 7 47
MyDlink DCS930L camera Registration/Account 4 62
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question