Pau Lo

email signing

Can I ask in Outlook 2003 what "email digital signing" is about and what it actually does to maintain the integrity of sent / received email? Is it a free feature within Outlook? How can I digitally sign an email before sending it and what is the point in doing so?

Say I send email from myself to user X, and user X decides to edit the email after they received it, how will signing the email help there? Would prefer management type responses if poss, jargon friendly.
ASKER CERTIFIED SOLUTION
IanTh
This solution is only available to members.
Pau Lo

ASKER

I was hoping for some discussion really. I read a couple of links and haven't quite grasped it.

Does the certificate prevent tampering of the email by the recipient, or if the user did tamper with the mail after receiving it, would it show up somehow?

And who needs the certificate? I.e. both the sender and receiver? Or if you were using it internally can you buy like a corporate cert?
Pau Lo

ASKER

Do you buy 1 certificate per user, 1 per email, or one per exchange server?
SOLUTION
Chris Bottomley
Pau Lo

ASKER

However, what if... after a user receives the email. They open it in Outlook, right click, edit the message, save it. And then forward it on. How will the certificate help in that case? I.e. it's arrived untampered. But the recipient themselves have then tampered with it and sent it on.

Signatures are client specific so unless everyone is using the same PC and Outlook install then one per person.

For larger organisations you can have your own certificate server but in most cases I believe they will be hosted by providers.

I have my own for home and used to have a work hosted one for work. The work one was not so good as somehow the certificate could not be seen globally .... I had to send it out separately whereas my provider based certificate simply works.

Chris

When a recipient sends the mail on it is no longer signed ... the act of sending it removes the 'received' signature. Of course if the (re)sender has a certificate and elects to sign the message then the next recipient will see a signed email from you BUT no validation of the sender you received it from.

Chris
Pau Lo

ASKER

What's the likelihood of an email being tampered in transmission in an internal LAN? Theoretical at best?

And also...

However, what if... after a user receives the email. They open it in Outlook, right click, edit the message, save it. And then forward it on. How will the certificate help in that case? I.e. it's arrived untampered. But the recipient themselves have then tampered with it and sent it on.
Pau Lo

ASKER

So, am I right in thinking.

If an email is sat in a user's inbox. The user decides to edit the message whilst in their inbox. If they don't send it on, does it flag up as "this user has edited the text of this email from the original".

Or would it only flag it up if "this email was tampered during transmission, it isn't the original".
Pau Lo

ASKER

I.e. does it provide accountability to email at rest (sat in the mailbox) as well as email in transit. The issue could be a user receives the email. Then decides to edit it, so in their inbox it appears as modified. I wasn't sure if a digital cert "locks" the email when in the inbox so it can't be amended. Or whether if someone does amend it somewhere the hash then doesn't match thus it flags it up in Outlook as "someone's messed about with this since it was received, this isn't the original".
Pau Lo

ASKER

And does a dig signature consider attachments as well as message txt? i.e. if the attached word document was also edited in transit would that also show as a mismatch?

As soon as you modify a signed email from elsewhere the signature is invalid. i.e. any change to the attachments is a change to the email so the attachments are marked as invalid by virtue of the edit to the email.

Capability wise it is probably high that someone within an intranet CAN hack a message as compared to finding a useful email outside but within an organisation there is little cause in my view for signing ... unless legal requirements apply.

Chris
Pau Lo

ASKER

Ok Chris,

But, say an email (digitally signed) appears in my inbox,

a) How does it visually appear as either "ok - not tampered" or "tampered"? Can you provide a screenshot? Of how they will visually appear in Outlook.

And my core question is,

b) In Outlook 2003, if I open an email (digitally signed), right click, edit message, change the text, and save it, does it then also visually appear as tampered, or does it remain as ok?

My concern is more email at rest (sat in a team/shared inbox) as opposed to in transmission.

I can see dig certs' effect in transmission, but I wasn't sure if it "stops there" and any amendment of the email whilst in the inbox will affect the dig sig "ok not tampered"

Exact appearance will vary with application version but there will be a bar on the email to show signed or an error with the signature. The explorer does not in my experience show this status; you need the preview or mail active.

I did already say that as soon as a mail is edited in any way the signature becomes invalid. I.e. at rest or in transit, a change renders the sig invalid hence from the moment an email is saved either for retention or as part of a send.

Chris
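
The behaviour described in the answers above (any edit to the body or to an attachment of a signed message makes the signature check fail) can be reproduced outside Outlook with the OpenSSL command line, which produces the same S/MIME signed format. This is an added example, not part of the original thread; the throwaway self-signed certificate, file names and message text are constructed for illustration.

```shell
#!/bin/sh
# Added example. Names, file paths and message text are constructed.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# A throwaway self-signed certificate stands in for the sender's
# personal certificate (one per person, as discussed in the thread).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Sender Example" \
    -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null

# The content to be signed: a text body plus one attachment.
cat > "$work/content.txt" <<'EOF'
Content-Type: multipart/mixed; boundary="part"

--part
Content-Type: text/plain

Please pay the attached invoice.
--part
Content-Type: text/plain
Content-Disposition: attachment; filename="invoice.txt"

Amount due: 1000 GBP
--part--
EOF

# Sign. One signature covers the body and the attachment together.
openssl smime -sign -in "$work/content.txt" \
    -signer "$work/cert.pem" -inkey "$work/key.pem" \
    -out "$work/signed.eml" 2>/dev/null

# Edit copies of the stored message, as someone could do at rest.
sed 's/Please pay/Do not pay/' "$work/signed.eml" > "$work/body_edit.eml"
sed 's/1000 GBP/9000 GBP/' "$work/signed.eml" > "$work/attach_edit.eml"

# check FILE: prints "valid" if the signature matches the content
# and chains to the trusted certificate, otherwise "invalid".
check() {
    if openssl smime -verify -in "$1" -CAfile "$work/cert.pem" \
        -out /dev/null 2>/dev/null; then
        echo valid
    else
        echo invalid
    fi
}

echo "as received:       $(check "$work/signed.eml")"
echo "body edited:       $(check "$work/body_edit.eml")"
echo "attachment edited: $(check "$work/attach_edit.eml")"
```

The signature does not lock the message or stop the edit; it only makes the edit detectable when the message is next verified.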