Sending Secure Emails Externally

Joe Thompson (Principal Manager) asked:
I manage IT for a bunch of law offices and am looking for a good solution for encrypting emails when attorneys send them between offices or to clients.  I need something that can be installed either on the client, or on the Exchange server.  I've looked at PGP and a few others, but everything seems clumsy for the user, so I was looking for a solution that is somewhat invisible to the user and the recipient.  I may be asking for the impossible, but you are the experts.  :-)

Thx,

-Joe
noci (Software Engineer, Distinguished Expert 2018) commented:
How about S/MIME?
It allows for both signed & encrypted mail.

To use it you need an X.509 certificate with the mail address as subject.
These are known as Personal Certificates.

To be able to encrypt mail, first both mail partners need to exchange a signed mail
[ which also supplies a public key ]. Then this public key can be used to encrypt future mail exchanges.
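The exchange noci describes (a signed mail first, then encryption to the certificate that signature carried), as an added example that is not part of the thread, driven with the openssl command line instead of a mail client. Alice, Bob, their example.com addresses and the self-signed test certificates are all assumptions made for the example; because the certificates are self-signed, verification uses -noverify, where a real deployment would check the chain to a CA both parties trust. Outlook does the same thing when you add a signed sender to Contacts.

```shell
#!/bin/sh
# Added example, not from the thread: S/MIME signed-then-encrypted exchange
# with openssl. Alice and Bob are fictional; certificates are self-signed test
# certificates generated on the fly (hence -noverify when verifying).
set -e

# Personal certificate: the mail address goes in the subject and in the
# subjectAltName, which is where modern clients look it up.
make_personal_cert() {   # $1 = display name, $2 = mail address, $3 = file prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1/emailAddress=$2" \
        -addext "subjectAltName=email:$2" \
        -addext "extendedKeyUsage=emailProtection" \
        -keyout "$3.key" -out "$3.crt" 2>/dev/null
}

# Runs in a subshell so the cd does not leak; prints Bob's decrypted reply.
smime_roundtrip() (
    work=$(mktemp -d)
    cd "$work"
    make_personal_cert "Alice Attorney" alice@example.com alice
    make_personal_cert "Bob Client"     bob@example.com   bob

    # 1. Alice sends Bob a signed (not encrypted) mail; the signature carries her certificate.
    printf '%s\n' "Hello Bob, replying signed so you can encrypt to me." > alice-hello.txt
    openssl smime -sign -text -in alice-hello.txt -signer alice.crt -inkey alice.key \
        -from alice@example.com -to bob@example.com -subject "Signed hello" -out signed.eml

    # 2. Bob verifies the signature and keeps the signer certificate it carried
    #    (-signer in verify mode writes the signer's certificate to the file).
    openssl smime -verify -noverify -text -in signed.eml \
        -signer alice-from-mail.crt -out hello-verified.txt >/dev/null 2>&1

    # 3. Bob encrypts his reply to that certificate; only Alice's private key can open it.
    printf '%s\n' "Privileged and confidential: draft settlement terms" > bob-reply.txt
    openssl smime -encrypt -aes256 -in bob-reply.txt \
        -from bob@example.com -to alice@example.com -subject "Re: Signed hello" \
        -out encrypted.eml alice-from-mail.crt

    # 4. Alice decrypts with her private key.
    openssl smime -decrypt -in encrypted.eml -recip alice.crt -inkey alice.key \
        -out reply-decrypted.txt

    # S/MIME canonicalises line endings to CRLF; strip the CR for display.
    tr -d '\r' < reply-decrypted.txt
    cd /
    rm -rf "$work"
)

smime_roundtrip
```

Step 2 is the part that makes the scheme work without a directory: the recipient's certificate is learned from the signature, so nothing has to be pre-distributed beyond the first signed message. The same sequence can be repeated with -CAfile instead of -noverify once both sides have certificates from a CA they trust.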
btan (Exec Consultant, Distinguished Expert 2018) commented:
noci (Software Engineer, Distinguished Expert 2018) commented:
Hm. Web based mail with certificates (with private key) stored out of your control????
Doesn't seem a smart move to me.
[ the private key is the ONLY thing that identifies the owner of the certificate ]
So an encryption certificate should stay under control of its user/organisation.

It may be safe against Carnivore for now, but how solid is Canada w.r.t. USofA PATRIOT requests?
Joe Thompson (Principal Manager, Author) commented:
Thanks for the input.  S/MIME sounds interesting.  I'll look into that.  Or, maybe the best solution is to secure attachments only.  Other than WinZip password protection is there another solution to encrypt/secure attachments?

Thx,

-Joe
noci (Software Engineer, Distinguished Expert 2018) commented:
winrar  ;-?

S/MIME can also be used to only encrypt an attachment if needed.
Outlook can keep the public keys of users with their addresses.
btan (Exec Consultant, Distinguished Expert 2018) commented:
Yep, web based may not be secure if full control is a prerequisite and mandated. That is why cloud has security challenges... S/MIME is the standard approach to secure email, which Outlook already supports as mentioned by noci. Encryption of attachments is good as another layer of security... can consider 7zip as well, which is free...
Dave Howe (Software and Hardware Engineer) commented:
This isn't really needed, provided you can negotiate in advance with the mail server admins of the other servers. By setting up a custom SMTP bridgehead to and from specific other domains, requiring direct delivery AND authenticated TLS, you can encrypt the link from Exchange at your site both to and from their server, and hence the traffic is secure when traversing between your system and theirs (but is otherwise unencrypted on their systems and/or yours).
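A check a practitioner would want next to the hop-by-hop TLS arrangement Dave describes is whether a delivered message actually travelled over TLS on every hop. The following is an added example, not from the thread: it reads the Received: trail of a constructed sample message (fictional hostnames and IDs) and reports each hop as TLS-protected when the receiving MTA logged it as ESMTPS or ESMTPSA (the convention Postfix, Exim and Exchange follow) and as cleartext when it logged plain ESMTP or SMTP.

```shell
#!/bin/sh
# Added example, not from the thread: audit which SMTP hops of a received
# message ran under TLS, from the Received: headers alone. The two messages
# below are constructed for the example; hostnames, addresses and queue IDs
# are fictional.

# Hop 1 (inner, smarthost -> firm A) was cleartext; hop 2 (A -> B) used TLS 1.3.
SAMPLE_MSG='Received: from mx.lawfirm-a.example (mx.lawfirm-a.example [192.0.2.10])
    by mail.lawfirm-b.example (Postfix) with ESMTPS id 4ABC
    (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256);
    Tue, 1 Mar 2022 10:00:00 +0000
Received: from smarthost.example.net ([198.51.100.5])
    by mx.lawfirm-a.example with ESMTP id 4XYZ;
    Tue, 1 Mar 2022 09:59:58 +0000
From: alice@lawfirm-a.example
To: bob@lawfirm-b.example
Subject: Draft agreement

(body)'

# Single hop, authenticated submission over TLS (ESMTPSA).
SAMPLE_TLS_ONLY='Received: from laptop.lawfirm-a.example ([203.0.113.7])
    by mx.lawfirm-a.example with ESMTPSA id 4QRS;
    Tue, 1 Mar 2022 09:00:00 +0000
Subject: Internal note

(body)'

# Print one line per hop, newest hop first (Received: headers are prepended):
#   <sending host> -> <receiving host> tls=yes|no
audit_hops() {
    printf '%s\n' "$1" | awk '
        function flush(   n, i, t, from, by, tls) {
            n = split(rec, t, /[ \t]+/)
            from = "?"; by = "?"; tls = "no"
            for (i = 1; i < n; i++) {
                if (t[i] == "from" && from == "?") from = t[i + 1]
                else if (t[i] == "by" && by == "?") by = t[i + 1]
                else if (t[i] == "with" && t[i + 1] ~ /^E?SMTPSA?$/) tls = "yes"
            }
            print from " -> " by " tls=" tls
            rec = ""
        }
        /^$/ { exit }                                       # end of header block
        /^Received:/ { if (rec != "") flush(); rec = $0; next }
        /^[ \t]/ && rec != "" { rec = rec " " $0; next }    # folded continuation
        { if (rec != "") flush() }                          # some other header
        END { if (rec != "") flush() }
    '
}

# Succeed only if no hop was cleartext, so this can gate a policy check.
all_hops_tls() {
    ! audit_hops "$1" | grep -q 'tls=no'
}

audit_hops "$SAMPLE_MSG"
```

The trail only records what each receiving server chose to log, so it confirms the link was encrypted but says nothing about which certificate was presented or whether it was checked; that part still has to be enforced in the bridgehead's TLS policy, which is Dave's point about negotiating it with the other side in advance.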
noci (Software Engineer, Distinguished Expert 2018) commented:
@DaveHowe,
That presumes that mail can be tightly bound to one mail transfer channel regardless of all other circumstances. [ Think work from home, on the move etc. ]

S/MIME makes no assumptions about the route a mail takes. It's end-to-end encryption based on the mail addresses, even in the message stores.

S/MIME is even a way to safely block spam, as no sane spammer tries to encrypt / sign all mails individually with correct sender & recipient keys, even if he could.
Joe Thompson (Principal Manager, Author) commented:
thanks guys.  So it seems that S/MIME is the best option..if it's not too cumbersome on the user - that's the real issue.  I'll take a look to see the best way of handling this.
Dave Howe (Software and Hardware Engineer) commented:
@noci: no, it doesn't. Normally in an Exchange environment, your link to your mailserver is served via RPC-over-HTTPS and is available from home, from mobile devices, etc. etc. Only if you are breaking out of Exchange and using native SMTP does the endpoint need to handle its own encryption, and setting up S/MIME certificates on most mobile devices is a nightmare.

S/MIME is of course well supported in Exchange/Outlook environments - you can use group policy to push out client certificates transparently - however, the overheads of certificate management for multiple recipients and multiple senders can be a major job (remember, you are going to have to obtain in advance the certificate for each potential recipient, and force that to every endnode device for use), and user education is a significant issue (it only takes one instance of the user failing to hit the "encrypt" button, or having that fail due to lack of a destination certificate but sending anyhow, to bring down the whole house of cards).

Overall, S/MIME is one of those systems that look good on paper, but see little or no use in the real world due to the complexity of implementation. I wish that wasn't so. I have been a great fan of PEM and PGP since their early days and encourage their use whenever possible, but in practice, even for a skilled cryptographer, it can entail repeated exchanges with remote correspondents to establish usable keypairs at each end, and requires active cooperation (again, at both ends) to achieve the goal.  I deplore the recent trend to "trusted oracle" solutions such as ZixMail and CRES, but they *do* work in the real world for unskilled users.

S/MIME is often the cheap option (assuming you aren't paying for the certs :) but it's a key management quagmire.
btan (Exec Consultant, Distinguished Expert 2018) commented:
Since you are on MS Exchange you can go S/MIME, esp. if policy internally states so. I believe POP also has an Outlook plugin too. Either is alright depending on cost effectiveness and deployment efficiency.
noci (Software Engineer, Distinguished Expert 2018) commented:
@DaveHowe,

Any encryption mechanism will be a nightmare. [ BTW, for SSL encryption the certificates mostly aren't checked because many people opt for self-signed certificates.... , so there goes one check out of the window, and the mess created by CAs like DigiNotar and several others w.r.t. certificates doesn't help either. ]
Maybe Moxie Marlinspike's Convergence protocol can repair the trust here?
Also there is the underlying assumption that ONLY Exchange is involved here? Is it, on the WHOLE path?

W.r.t. acceptance, unless law requires it most people refuse to use encryption..
[ the "I have nothing to hide" mantra starts being cited in the background ]

But do the "trusted oracle" solutions really deserve the trust they demand?
Is mail encrypted from the moment I press send, until it is read by the intended recipient?
Because S/MIME needs a recipient's/sender's public key there is even a check if that key is known; if not you need to exchange a signed mail. [ And it works cross platform ].
Joe Thompson (Principal Manager, Author) commented:
The sender is Exchange -> through XO Communications (smarthost) and the recipient is anything... POP/Exchange/crappy-ass web mail like AOL/etc.  The sender (my customer) is concerned about a secure way to send.  From all the above it seems that putting it in a password protected Zip might be the easiest - albeit not as secure.  The problem I have with password protected Zips is that many viruses are sent this way and I don't want my customer to blindly open them... which attorneys probably will do.  :-$
Dave Howe (Software and Hardware Engineer) commented:
@noci:

> Any encryption mechanism will be a nightmare. [ BTW, for SSL encryption the certificates mostly aren't checked because many people opt for self-signed certificates.... , so there goes one check out of the window, and the mess created by CAs like DigiNotar and several others w.r.t. certificates doesn't help either. ]
That is true. However, client side encryption is a nightmare for the end users; channel (TLS) encryption is a significant administration overhead for the admins (and doesn't trouble the sleep of end users). With remote centrally managed trust, you can at least force the remote signing cert into the local trust store, and dispense with having to set trust on each and every end cert (which is an even bigger nightmare).

> Maybe Moxie Marlinspike's Convergence protocol can repair the trust here?
Not really. The issue here is that you need to
a) get the signing cert to the end user
b) get the signing cert *trusted* by the end user.
If you suddenly add notary based Convergence, you just add another layer of stuff for the end user to mess up.

> Also there is the underlying assumption that ONLY Exchange is involved here? Is it, on the WHOLE path?
The assumption is that the security is from corporate to corporate, to a limited number of possible destinations. As a child of that, I am assuming that the remote corporate will have an admin able and willing to configure TLS and direct routing between the two bridgeheads (the exact nature of the bridgehead is not really an issue; I haven't encountered any enterprise-grade mail systems that didn't have TLS support for over a decade, and Exchange/GroupWise/Domino have such a combined market share it would be unusual to see anything else at the far end). Throw in a few OSS endpoints (Exim, Postfix etc.) and you have pretty much full coverage with TLS support.

If the remote correspondent is (for example) a home Outlook Express user, then you just opened a can of worms regarding how to get a remote user, unskilled, over which you have no corporate authority and who has no management/IT support of their own, to correctly configure and securely send to you a self-signed cert, import YOUR signing cert (or the individual certs of your users) and remember to hit "encrypt" every time.  Few free mail providers bother with STARTTLS, even if offered, so the TLS solution won't help there either :(

> W.r.t. acceptance, unless law requires it most people refuse to use encryption..
> [ the "I have nothing to hide" mantra starts being cited in the background ]
I usually suggest at that point they supply me with their bank account details, photocopies of any important documents (such as a birth cert, marriage cert etc.) and naked photos of themselves/their spouses so I can post the whole lot to the internet. When they protest, I ask what they have to hide?

> But do the "trusted oracle" solutions really deserve the trust they demand?
Debatable. I have been in contact with Cisco regarding certification of their CRES solution, and so far have been told they "passed" a SAS70 audit...  Zixmail didn't even come back with that.

> Is mail encrypted from the moment I press send, until it is read by the intended recipient?
Pretty much, yes. I can't speak for Zix, but CRES encrypts using a gateway appliance on the customer's site (which can have a secure dedicated link from the mailserver) and a web based decryption resource accepts the encrypted data from the recipient's mail (it's sent as an HTML attachment) using a username and password set up by the end user just like a webmail service.  It is *not* encrypted by CRES from your client to the server (which if you are concerned about you configure RPC-over-HTTPS for) or from the server to the appliance (unless you configure TLS for that).

Upside? It's completely transparent to the end user, who just hits "send" and rules determine if the mail gets encrypted or not. There is absolutely nothing required of the end user other than to send via their own mailserver. Downside is - it's far from cheap.

> Because S/MIME needs a recipient's/sender's public key there is even a check if that key is known; if not you need to exchange a signed mail. [ And it works cross platform ].
Yes, I know. I have set up many S/MIME and PGP/OpenPGP solutions over the years, but invariably, they come down to "you can't send that IMPORTANT EMAIL right now because..." and a bunch of techie talk that techies love and end users think is only there to make life harder for them.  A security system that is breached given the slightest road bump (and for which there is no obvious check or balance on such breaches) is not much use.
Dave Howe (Software and Hardware Engineer) commented:
@BreadTan:
> Since you are on MS Exchange you can go S/MIME, esp. if policy internally states so. I believe POP also has an Outlook plugin too. Either is alright depending on cost effectiveness and deployment efficiency.
The issue isn't if you can use S/MIME, but if you can manage all the recipients' certificates, for each of your sending users, in a timely fashion that will allow any time- and legally-sensitive data to be sent. A secure solution that can send the document next Monday won't do - it has to be available now, or it will be circumvented.
Dave Howe (Software and Hardware Engineer) commented:
@jetcosys:
> The sender is Exchange -> through XO Communications (smarthost) and the recipient is anything... POP/Exchange/crappy-ass web mail like AOL/etc.
OK then, not even S/MIME will do. It is just about possible to add S/MIME support to Gmail, if you know what you are doing, but almost all S/MIME or other client-ended crypto requires software on the client PC.
Your client may be interested in this then:
https://res.cisco.com/websafe/help -or- http://www.zixcorp.com/products/zixmail/ (cheaper)

A *lot* depends though on if they are willing to pay for that solution, or something similar (and hold some end-user hands through the signup process if required).

> The sender (my customer) is concerned about a secure way to send.  From all the above it seems that putting it in a password protected Zip might be the easiest - albeit not as secure.  The problem I have with password protected Zips is that many viruses are sent this way and I don't want my customer to blindly open them... which attorneys probably will do.  :-$
And they also frequently get blocked by ISPs etc.
If your client is willing to "roll their own" and doesn't mind someone getting their hands dirty with PHP or ASP, then perhaps what you want isn't email at all, but a website clients can pull their sensitive correspondence from via HTTPS?  Instead of then having an expensive encryption infrastructure, worrying about attachments being small enough to make it through mail size filters etc., you can just have caseworkers upload to a website via an app on their desktop to a specific case ref, and end users click a URL containing their case ref, type their password (supplied via telephone, or on a piece of paper when they are in the office discussing the case initially) and are then able to view their documents, read any updates, and securely reply to them.  Notifications of new content can be trivially sent via email without having to disclose anything sensitive via that route.

A lot depends on in-house skills there (or the willingness to pay someone to code such a beast) but it would allow significantly more control and auditing of the communications, remove the "bus factor" of having customer communications tied to a specific caseworker email address, and allow your marketing department to express their desires of branding and so forth. The required code is surprisingly simple (not a bad thing for a system you want to be secure) and the ongoing incremental costs near zero (a bit of DMZ server space and an HTTPS certificate from a commercial CA).

Up to you of course, but that's how *I* would do it.
For Gmail:

Take a look at the Mymail-Crypt for Gmail extension. It is simple. Not great in protecting certs. If your only worry is interception it should do fine. And it's free.

http://prometheusx.net/
btan (Exec Consultant, Distinguished Expert 2018) commented:
I believe there is no worse-off state for the user when checking technology.. they are still sending email as of now... a balance of risk involved, I agree.
noci (Software Engineer, Distinguished Expert 2018) commented:
@DaveHowe:
How does "Trusted Oracle" Cisco mail, Googlemail etc. handle PATRIOT-act style "Hand over all your data, Now" attacks?

Convergence [ from Moxie Marlinspike ] is a solution for trusting certificates, not sending mail btw.

In general:

S/MIME can be handled by a variety of end-user applications [ the MUA handles encryption,
not MTA, MDA ].   So S/MIME is handled by Outlook et al.
POP, IMAP, Exchange have no knowledge of it.
Webmail is a special case in that the application runs on a server and the presentation is on a workstation. An in-house webmail application might be acceptable; an external webapp might expose your private key, at least to your webmail service provider, and maybe they may lose it in a Patriot-act like attack.

If manual labour is allowed GPG/PGP can be used too.
Password protected ZIP is much less preferred because you need to exchange the encryption key with each message, in a separately transmitted form [ or pre-arranged ].
And only the attachments are protected.
Dave Howe (Software and Hardware Engineer) commented:
@noci:
> How does "Trusted Oracle" Cisco mail, Googlemail etc. handle PATRIOT-act style "Hand over all your data, Now" attacks?
About the same as you might expect - they bend over and shout "do me".  So does Hushmail of course. However, if you feel you need to try and keep your data safe from either law enforcement or government agencies, you are in a whole new ball game.

> Convergence [ from Moxie Marlinspike ] is a solution for trusting certificates, not sending mail btw.
Yup, I know, and I have been following it (and most of the other alternatives to the classic CA setup) closely. It has been long known (hence before the DigiNotar debacle) that certain TLAs have had their own issuing subordinate CA certificates, so research on an alternative has been going on for some time - but unless one of the major browsers can be induced to take it up by default (and given the IE upgrade barriers now in place, that is near impossible in real terms) they will remain a minority system used by a small group of enthusiasts, rather than a mainstream offering.

However, to get back on subject, S/MIME relies on X.509 just as much as the HTTPS solution does, in fact more so (given you may not have web access when accessing email for a PFS security check).

As you might notice, I *do* do this stuff quite a bit :)

> In general:
>
> S/MIME can be handled by a variety of end-user applications [ the MUA handles encryption,
> not MTA, MDA ].   So S/MIME is handled by Outlook et al.
Yup, but not most mobile devices.

> POP, IMAP, Exchange have no knowledge of it.
Indeed, it's independent of the transport.  Although there is a good case to be made for using POP3S and IMAPS (Exchange is pretty much RPC-over-HTTPS by default, with clients for most mobile platforms, and support for IMAPS as a fallback. BlackBerries of course are their own game).

> Webmail is a special case in that the application runs on a server and the presentation is on a workstation. An in-house webmail application might be acceptable; an external webapp might expose your private key, at least to your webmail service provider, and maybe they may lose it in a Patriot-act like attack.
Indeed so, yes. Actually, that's a lot more difficult than it seems if the webmail is correctly structured (by which I mean using a PKCS#12 or Java keystore whose keystore password is prompted for at startup; the latter is much more common than the former, although I have seen Tomcat solutions that used PKCS#12 natively, not JKS).

> If manual labour is allowed GPG/PGP can be used too.
GPG doesn't have any really decent enterprise offerings (not surprisingly) - GPG Relay is at best a single-user solution, although it wouldn't take THAT much to make into a fully enterprise capable gateway. PGP *do* offer an enterprise gateway, which can handle genuine PGP keys (if supplied) and falls back to an oracle based solution for users whose keys are not supplied.  As this is locally hosted (http://www.symantec.com/universal-gateway-email) it is superior to the Cisco and Zix solutions in terms of resistance to the above Patriot attack.

> Password protected ZIP is much less preferred because you need to exchange the encryption key with each message, in a separately transmitted form [ or pre-arranged ].
> And only the attachments are protected.
Agreed. As a one-shot, a password protected zipfile (or better yet, 7z file) is a good solution (using WinZip encryption of course, not "native" zip, which is a particularly unfunny joke). WinRAR is also a good solution, but all three of those have the downside that you need to download and install software to read, and often pay to create (7z can make WinZip encrypted archives but only decrypt WinRAR).

As a repeated solution, it is a nightmare (as is the theme here) for key management. Remember, for compliance and legal discovery reasons, you may need to be able to decrypt every sent and received mail for some years of history, or face sanctions....
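To tell which of the two ZIP encryption schemes Dave contrasts a given archive actually uses, the first local file header is enough: bit 0 of the general-purpose flag marks the entry as encrypted, and WinZip AES (AE-x) sets compression method 99 plus a 0x9901 extra field that records the key strength, whereas legacy ZipCrypto keeps the real compression method (typically 8, deflate) in place. The following added example, not from the thread, reads those bytes with od and classifies two hand-built sample headers; the samples are constructed for the example and are not real archives, so no archiver needs to be installed.

```shell
#!/bin/sh
# Added example, not from the thread: distinguish legacy ZipCrypto from WinZip
# AES (AE-x) by parsing the first local file header of a .zip. The sample
# headers built in demo() are hand-constructed, not real archives.
set -e

# Little-endian 16-bit and 8-bit reads at byte offset $2 of file $1.
u16() { set -- $(od -An -tu1 -j "$2" -N 2 "$1"); echo $(( $1 + 256 * $2 )); }
u8()  { od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' '; }

# Prints one of: unencrypted | zipcrypto (legacy, weak) | aes-128 | aes-192 | aes-256
zip_encryption() {
    f=$1
    # Local file header signature is 50 4B 03 04 ("PK\3\4").
    [ "$(u16 "$f" 0)" -eq 19280 ] && [ "$(u16 "$f" 2)" -eq 1027 ] ||
        { echo "not a zip local file header"; return 1; }
    flags=$(u16 "$f" 6)      # general purpose bit flag; bit 0 = encrypted
    method=$(u16 "$f" 8)     # compression method; 99 = WinZip AES
    fnlen=$(u16 "$f" 26)     # file name length
    xlen=$(u16 "$f" 28)      # extra field length
    if [ $((flags & 1)) -eq 0 ]; then echo unencrypted; return 0; fi
    if [ "$method" -ne 99 ]; then echo "zipcrypto (legacy, weak)"; return 0; fi
    # WinZip AES: walk the extra fields looking for id 0x9901, whose data is
    # vendor version (2), vendor id "AE" (2), strength (1), real method (2).
    off=$((30 + fnlen)); end=$((off + xlen))
    while [ "$off" -lt "$end" ]; do
        id=$(u16 "$f" "$off"); sz=$(u16 "$f" $((off + 2)))
        if [ "$id" -eq 39169 ]; then          # 0x9901
            case $(u8 "$f" $((off + 8))) in    # strength byte
                1) echo aes-128 ;; 2) echo aes-192 ;; 3) echo aes-256 ;; *) echo aes-unknown ;;
            esac
            return 0
        fi
        off=$((off + 4 + sz))
    done
    echo "aes (malformed: no 0x9901 extra field)"
    return 1
}

# Build the two constructed headers and classify them.
demo() {
    dir=$(mktemp -d)
    zeros='\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000'  # time, date, crc, sizes
    # ZipCrypto: flag bit 0 set, method 8 (deflate), name "a", no extra field.
    printf "PK\003\004\024\000\001\000\010\000${zeros}\001\000\000\000a" > "$dir/legacy.zip"
    # WinZip AES-256: method 99, extra field 0x9901 (len 7): AE-2, "AE", strength 3, method 8.
    printf "PK\003\004\063\000\001\000\143\000${zeros}\001\000\013\000a\001\231\007\000\002\000AE\003\010\000" > "$dir/aes.zip"
    echo "legacy.zip: $(zip_encryption "$dir/legacy.zip")"
    echo "aes.zip: $(zip_encryption "$dir/aes.zip")"
    rm -rf "$dir"
}

demo
```

Only the first entry is inspected; an archive can mix schemes per entry, so a stricter check would walk every local header (or the central directory) and fail if any encrypted entry is not method 99. Note also that AES entries still leave file names and sizes in the clear, which is one more reason the thread prefers S/MIME for anything beyond a one-off.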
noci (Software Engineer, Distinguished Expert 2018) commented:
W.r.t. Patriot act.
It depends on your P.O.V.  "Which law" & "Whose security service"
By European + national law I am required to protect data from "non-European" entities...
esp. data concerning personal info.

No doubt the same goes for USofA vs. world, China vs. world, Russia vs. world.
So there is an interesting age-old conflict of interest... ==> security ==> privacy...
Dave Howe (Software and Hardware Engineer) commented:
@noci:
> W.r.t. Patriot act.
> It depends on your P.O.V.  "Which law" & "Whose security service"
> By European + national law I am required to protect data from "non-European" entities...
> esp. data concerning personal info.
I live in the UK, so I am used to having little or no privacy from the government - and if you think the UK won't hand over anything the USG wants with little more than a polite request, you aren't paying much attention.

I agree though that in many cases, the local gov is less trustworthy than the local criminal underground - at least the latter is honest about what they want :)

> No doubt the same goes for USofA vs. world, China vs. world, Russia vs. world.
> So there is an interesting age-old conflict of interest... ==> security ==> privacy...
Yup. But if you expect any big corporation to not bend over for government interests, in practically any country (the "Golden Shield" internet censorship and monitoring implemented in China uses almost exclusively bespoke builds of Cisco software running on Cisco hardware) - the reality is that it is hard to avoid dealing with American companies (or Israeli - Check Point is long rumoured to have made concessions to their own government similar to that assumed for MS/Cisco/etc. in America).

At the base level, it is assumed by anyone serious in crypto that any closed source solution cannot be assumed not to contain implementation flaws, either accidental or deliberate on behalf of a third party. Only if you can see the source, *understand* the source, and *compile your own copy* from the source can you be even reasonably safe, and even then, the experts in the field couldn't give you even a 99% assurance of the security of code they reviewed, so you and I have little chance :)
noci (Software Engineer, Distinguished Expert 2018) commented:
Rather off topic:
UK & NL probably can be better tagged the 53rd, 54th states of the US... ;-)

Otherwise we are more or less on the same page technically, and a little less in opinion.
Dave Howe (Software and Hardware Engineer) commented:
No, if the UK was the 53rd state, the Americans would assume their laws applied here too (we are in a happy no-man's-land where none of the protections of the American constitution or laws are applied to us, but via treaties, American "requests" trump UK laws).
Joe Thompson (Principal Manager, Author) commented:
I love how my question has grown political.  Keep it up guys, I'm enjoying the 'blog'.  :)
noci (Software Engineer, Distinguished Expert 2018) commented:
Encryption is ALL about politics, probably because politics / military were the bulk users of encryption for centuries...
Sorry, now it threatens to become a history lesson too.

IMHO you should be able to extract your answer from the above.
Joe Thompson (Principal Manager, Author) commented:
Extract from above...sure, when I get a few hours to try and read all the above....I will.
Dave Howe (Software and Hardware Engineer) commented:
The UK is just as bad as the US when it comes to suppression of crypto - more, in that in the UK you can be legally obliged to hand over the keys to your encrypted mail to (for example) the egg marketing board, without a court order, should they decide that is important in their investigation (presumably, of marketing eggs improperly). Refusal carries a 2 year custodial, and telling anyone you were asked carries a *5* year custodial...
Dave Howe (Software and Hardware Engineer) commented:
And I love the politics, I sure don't come here just for the T-shirts :)
Joe Thompson (Principal Manager, Author) commented:
Sorry for forgetting to grade this... split between the guys who helped.  There was no real solution though.