On Sunday 27 March 2011 03:03:30 James wrote:
> Sebastian Beßler <sebastian <at> darkmetatron.de> writes:
> > Mail encryption is, as far as I know, something that works on the
> > client-side only. The mail server doesn't see the encryption, encrypted
> > mails contain only text, just like every other mail.
> 
> OK let's ignore the mail server portion. You're basically implying
> that encrypted mail handling from the server, does not matter if
> it's an exchange server, or *nix, like postfix....
> 
> As an example.
> Look at the situation where a person is using only MS technology
> and has no access to support(input) on their client software nor the
> MS exchange server (big corp for example that assumes the world
> only uses MS software). Maybe they can make a few setting changes
> only in Outlook to get encryption working between a MS (Outlook)
> system and my Gentoo system using pgp and thunderbird?

Depending on the MSWindows OS and email client versions your MS counterpart 
can try installing and running: 

http://www.gpg4win.org/about.html

Alternatively, instead of OpenPGP you can use S/MIME certificates - either 
self-signed or from a <ahem!> reputable Certification Authority.  I prefer 
the former where possible, although the average MSWindows user would struggle 
on their own to even click a (single) button, let alone generate 
public/private keys, configure a password and then negotiate with the 
MSWindows certificate manager to accept them.

gpg4win will also act as the front for managing the MSWindows S/MIME certs, 
although Outlook can manage these for SSL signing/encryption natively.

The SSL certificates offered by different CAs are mostly an expensive racket 
for big corporate clients.  Individual users are limited to a few available 
CAs (like CACert, Comodo, etc) who issue free certificates for personal 
(email) use, but only some of the browsers include them in their store of 
trusted CAs - hence the need for manual import of Root CA keys, etc in the 
user's browser/certificate store and of course the same with the recipients of 
their email messages.

Before you commit to a CA, check which browsers and OS already include these 
in their trusted Root CA store.


> > If my answer has nothing to do with your problem, please give me more
> > information what you have in mind.
> 
> I do not have a problem. I have assumed that encrypted mail between
> a given client software on a gentoo system, will not work with windows.
> Is this assumption incorrect?

Yes, this is an incorrect assumption.  OpenPGP will not work with MSWindows 
natively without a 3rd party application (e.g. gpg4win), because OpenPGP does 
not satisfy the requirements of Microsoft's monopolistic business model.

However, SSL certificates will work natively with MSWindows and its Outlook 
email client.  As I said above you have a choice of obtaining such 
certificates:  self-signed or signed by trusted Root CAs (some of which are 
free for personal use).

Also, in the era of Cloud computing you have the choice of webmail 
applications (like Horde) which can use both PGP and S/MIME to 
sign/encrypt/decrypt messages, thus bypassing limitations of given OS or 
desktop based mail clients.

Finally, you have SaaS solutions for secure email, like 
http://www.hushmail.com/ but if one does not trust Root CAs why would he trust 
some hushmail company and its employees is beyond me.


> Or it's just install whatever I want (mail client on gentoo) and it will
> auto-magically exchange encrypted mail with outlook on  a windows machine,
> behind a MS Exchange server, regardless of what the MS admins
> do on their side?

Yes, as long as you manage encryption/decryption at the desktop.  You need to 
note though that some corporate IM policies may prohibit the use of encrypted 
messages.  These can be filtered out by the corporate mail server and stopped.


> I assumed that is not that easy (my default experience with MS),
> and things have to be coordinated, like most MS issues, to be
> able to exchange encrypted mail between a gentoo and MS workstation....
> 
> Nothing to it, or massive issues on the MS side? Obviously,
> making changes on the gentoo workstation client, is easy....
> What I would really like is to be able to exchange encrypted mail
> with any MS user.  That, I'm sure will entail pointing them to
> documents on how to set up the software on the MS (outlook) side.
> Links for MS help?

They do not need to look at Internet links - just ask them to look up digital 
signing or encryption in their Outlook help pages.

Configuring Outlook is the easy part.  The more confusing part might be 
obtaining an S/MIME certificate and importing the Root CA certificate if it is 
not already included in whatever Microsoft ships with.  I think that Comodo 
Root CA is already included (and the recently hacked Root CA certificate has 
not been recalled through last week's MSWindows update).


> ???
> A general discussion at this point, not a specific solution.
> My googling only reveals dated discussions along these lines
> or information that is not useful.

Google has many examples and step-by-step instructions for configuring Outlook 
to use SSL Certs (S/MIME), usually by the purveyors of all these expensive 
certificate services:

http://www.globalsign.com/support/personal-certificate/per_outlook07.html
-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.
