PKI + S/mime problem...

TheMSsForum.com: The Microsoft Software Forum

hi to you all... my situation is like this
i'm going to implement a fully operational S/mime + PKI infrastructure. i'm going to use the digital signature, as well the encrypted mail option. the thing is, that i need for legal avidance, to reroute all the mail in the organization, to a public folder, that a legal advisor could read all the mail running threw the organization. how could he do this, if he dosent have the private keys of all the users?(if solved can cause a non-repudation problem?...). the recovery agent option has very little documentation, and the solution is very complex to implement for such a reason... any suggestion
Top

Re: PKI + S/mime problem... by Steve

Steve
Tue Jun 08 23:55:49 CDT 2004

The point of S/MIME is to eliminate two kinds of attacks:

* Eavesdropping -- by encrypting mail using the receiver's public key
* Modification -- by encrypting a hash of the message using the sender's
private key; thus in effect digitally signing the message

To achieve what you want would require that the advisor have access to keys
they shouldn't have. Think about it: one of your users sends an encrypted
mail. That mail is encrypted with the receiver's public key. The only key
that can decrypt it is the receiver's private key -- and only that person
should possess it! For the advisor to read the message, s/he would need the
receiver's private key. And if the receiver is someone outside your
organization, there's no way that person would allow such a thing.

Essentially, you're asking to break the principles of PKI.

Encrypting and signing mail are tools to guarantee confidentiality and
integrity. By purposefully inserting a man in the middle -- which is what
you're wanting to do -- you can no longer guarantee these security
attributes.

--
Steve
steriley@microsoft.com



"omer maydan" <anonymous@discussions.microsoft.com> wrote in message
news:E60FA3CA-9CEA-4838-A205-59BF4E6EB39A@microsoft.com...
> hi to you all... my situation is like this.
> i'm going to implement a fully operational S/mime + PKI infrastructure.
> i'm going to use the digital signature, as well the encrypted mail option.
> the thing is, that i need for legal avidance, to reroute all the mail in
> the organization, to a public folder, that a legal advisor could read all
> the mail running threw the organization. how could he do this, if he
> dosent have the private keys of all the users?(if solved can cause a
> non-repudation problem?...). the recovery agent option has very little
> documentation, and the solution is very complex to implement for such a
> reason... any suggestion?
>


Top

Re: PKI + S/mime problem... by Vizvary

Vizvary
Wed Jun 09 04:54:16 CDT 2004

> mail. That mail is encrypted with the receiver's public key. The only key
> that can decrypt it is the receiver's private key -- and only that person
> should possess it! For the advisor to read the message, s/he would need
the
> receiver's private key. And if the receiver is someone outside your
> organization, there's no way that person would allow such a thing.

This is only true assuming that the message is encrypted to one person only.
If there are more recipients, more private keys can decrypt the message.
If the advisor is listed among the recipients, eg. in the BCC list, she can
decrypt the mail with her own private key. Such a requirement can be
a part of company's policy. It can also be embedded in PKI software
configuration.

Vizvary Istvan III
http://www.ppuvas.com/p7mViewer


Top

Re: PKI + S/mime problem... by omer

omer
Wed Jun 09 15:03:01 CDT 2004

i thught about it, and it sound like a good idea. do you have any ideas how to implement the bcc thing in exchange/outlook, without writing a com object and distribute it to the clients?

"Vizvary Istvan III" wrote:

> > mail. That mail is encrypted with the receiver's public key. The only key
> > that can decrypt it is the receiver's private key -- and only that person
> > should possess it! For the advisor to read the message, s/he would need
> the
> > receiver's private key. And if the receiver is someone outside your
> > organization, there's no way that person would allow such a thing.
>
> This is only true assuming that the message is encrypted to one person only.
> If there are more recipients, more private keys can decrypt the message.
> If the advisor is listed among the recipients, eg. in the BCC list, she can
> decrypt the mail with her own private key. Such a requirement can be
> a part of company's policy. It can also be embedded in PKI software
> configuration.
>
> Vizvary Istvan III
> http://www.ppuvas.com/p7mViewer
>
>
>
Top

Re: PKI + S/mime problem... by Steve

Steve
Wed Jun 09 16:46:49 CDT 2004

Omer, one question. Will your advisor simply read all email as its being
sent? Or do you need the advisor to read all eamil *before* it gets sent?

If the first, then Vizvary's idea will work. If the second, then it won't.

--
Steve
steriley@microsoft.com



"omer maydan" <omer maydan@discussions.microsoft.com> wrote in message
news:CF4FE904-FD73-4C7F-B1ED-9219719A890B@microsoft.com...
>i thught about it, and it sound like a good idea. do you have any ideas how
>to implement the bcc thing in exchange/outlook, without writing a com
>object and distribute it to the clients?
>
> "Vizvary Istvan III" wrote:
>
>> > mail. That mail is encrypted with the receiver's public key. The only
>> > key
>> > that can decrypt it is the receiver's private key -- and only that
>> > person
>> > should possess it! For the advisor to read the message, s/he would need
>> the
>> > receiver's private key. And if the receiver is someone outside your
>> > organization, there's no way that person would allow such a thing.
>>
>> This is only true assuming that the message is encrypted to one person
>> only.
>> If there are more recipients, more private keys can decrypt the message.
>> If the advisor is listed among the recipients, eg. in the BCC list, she
>> can
>> decrypt the mail with her own private key. Such a requirement can be
>> a part of company's policy. It can also be embedded in PKI software
>> configuration.
>>
>> Vizvary Istvan III
>> http://www.ppuvas.com/p7mViewer
>>
>>
>>


Top

Re: PKI + S/mime problem... by omer

omer
Thu Jun 10 08:05:00 CDT 2004

i dont need him to read the mail before. only after it's being sent... so
i'm still loking for some BCC solution without involving an Outlook
Customization

"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:OG3G5umTEHA.2408@tk2msftngp13.phx.gbl...
> Omer, one question. Will your advisor simply read all email as its being
> sent? Or do you need the advisor to read all eamil *before* it gets sent?
>
> If the first, then Vizvary's idea will work. If the second, then it won't.
>
> --
> Steve
> steriley@microsoft.com
>
>
>
> "omer maydan" <omer maydan@discussions.microsoft.com> wrote in message
> news:CF4FE904-FD73-4C7F-B1ED-9219719A890B@microsoft.com...
> >i thught about it, and it sound like a good idea. do you have any ideas
how
> >to implement the bcc thing in exchange/outlook, without writing a com
> >object and distribute it to the clients?
> >
> > "Vizvary Istvan III" wrote:
> >
> >> > mail. That mail is encrypted with the receiver's public key. The only
> >> > key
> >> > that can decrypt it is the receiver's private key -- and only that
> >> > person
> >> > should possess it! For the advisor to read the message, s/he would
need
> >> the
> >> > receiver's private key. And if the receiver is someone outside your
> >> > organization, there's no way that person would allow such a thing.
> >>
> >> This is only true assuming that the message is encrypted to one person
> >> only.
> >> If there are more recipients, more private keys can decrypt the
message.
> >> If the advisor is listed among the recipients, eg. in the BCC list, she
> >> can
> >> decrypt the mail with her own private key. Such a requirement can be
> >> a part of company's policy. It can also be embedded in PKI software
> >> configuration.
> >>
> >> Vizvary Istvan III
> >> http://www.ppuvas.com/p7mViewer
> >>
> >>
> >>
>
>


Top