OE and "digital IDs"


Marie-Claude Pasteur

Jan 6, 2005, 9:38:13 PM
to encryptio...@googlegroups.com
to get a "digital ID".... it talks about a government agency keeping your
key!
so OE is not private ???

Quote from: Advanced security information

Outlook Express is compatible with the S/MIME version 2 specification.
Outlook Express supports the following encryption algorithms: RC2 (40-bit
and 128-bit), DES (56-bit), and 3DES (168-bit). The RC2 40-bit encryption
algorithm is the only algorithm available on non-U.S./Canadian versions of
Outlook Express. Outlook Express can decrypt RC2 (64-bit) encrypted mail,
but cannot send messages using this algorithm.

Outlook Express uses SHA-1 as the hashing algorithm when signing messages.
The bit length of your private key varies, depending on the certification
authority from which you obtain it. A certification authority that uses the
Microsoft Enrollment wizard will generate private keys that are at least 512
bits in length.

The private keys are stored on your computer and are only as secure as your
computer. Private keys installed using Microsoft cryptographic system
components will not be transmitted to the certification authority which
issues the digital ID; the keys are not stored in escrow with any government
agency.

You can read digitally signed and/or encrypted messages like any other
message. Outlook Express displays a help screen the first time you open or
preview a digitally signed message and/or an encrypted message.

If you receive a secure message that has a problem, such as the message was
tampered with or the digital ID of the sender is expired, you will see a
security warning that details the problems before you are allowed to view
the contents of the message. Based on the information in the warning, you
can decide whether to view the message.

After you send a digitally signed message to a contact, you can read an
encrypted message from them the same way you read a regular message.

Note
When you receive a digitally signed message, the sender's digital ID will be
automatically added to your address book if you don't already have it.

=====


0xea

Jan 8, 2005, 6:01:37 AM
to encryptio...@googlegroups.com
Wrong. You don't have to give your private keys to anybody to get a
"digital ID" (a marketing term for what is technically an X.509
certificate). You only send your *public* key to the Certification
Authority (the entity from whom you want an X.509 certificate to certify
your identity), and this CA then delivers to you a certificate, valid
for a certain duration (generally 1 year).
The CA doesn't have to be a government agency, most of them are private
companies. Anybody can become a CA. In fact, you can even become your
own CA as an individual, and produce your own X.509 certificates
(that's what I do). But you can't force other users to trust your CA,
and if there's no trust, there's no security.

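As an added example (not code from either poster, from Microsoft or from any CA), this Go program, standard library only, walks through the enrolment the reply describes: the private key stays on the user's machine, the CA receives only a signing request carrying the public key and a name, issues a one-year certificate from its own root (here an individual's self-made CA), and verification fails when no root is trusted. The CA name and the e-mail identity are constructed placeholders.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func mustDER(der []byte, err error) []byte { // any encoding failure is fatal in this demo
	if err != nil {
		panic(err)
	}
	return der
}

// Enroll models the exchange described in the post: the user keeps the private key, sends the CA
// only a request carrying the public key and a name, and gets back a certificate valid for one year.
func Enroll(userKey, caKey *rsa.PrivateKey) (*x509.Certificate, *x509.Certificate, *x509.CertificateRequest) {
	now := time.Now().Add(-time.Hour)
	// The CA's own self-signed root; an individual can create one just as a company can.
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Personal CA"}, // constructed
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca, _ := x509.ParseCertificate(mustDER(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)))
	// The user's CSR is signed with the private key but carries only the public key and the name.
	csr, _ := x509.ParseCertificateRequest(mustDER(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "alice@example.invalid"}}, userKey))) // constructed
	if err := csr.CheckSignature(); err != nil { // the CA confirms the requester holds the matching private key
		panic(err)
	}
	// The CA binds the requested name to the CSR's public key for one year and signs with its own key.
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: now, NotAfter: now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}, // S/MIME signing and encryption
	}
	leaf, _ := x509.ParseCertificate(mustDER(x509.CreateCertificate(rand.Reader, leafTmpl, ca, csr.PublicKey, caKey)))
	return ca, leaf, csr
}

// Verify chains the leaf to the trusted roots; an empty pool (not nil, which means the system roots) makes it fail.
func Verify(leaf *x509.Certificate, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}})
	return err
}
```

Inspecting the returned CSR shows it holds the requester's public key and name only, which is the whole of what a CA needs to issue the certificate.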