Chris
I am having a problem understanding Outlook's usage of Digital Certificates in
relation to sending/receiving email and also the inability to reply to a
digitally signed message and why it can't/won't encrypt that reply.
OK here is the scenario:
1. (e-mail address removed) gets and installs a digital certificate into Outlook (from
www.cacert.org [they're free])
2. (e-mail address removed) emails (e-mail address removed) using outlook and attaches their Digital
ID.
Everything so far works well and email leaves (e-mail address removed)'s PC with a
Digital ID attached. I@home knows this because lots of people I mails ask
what this strange email is that has arrived with all sorts of frightening
warnings on it, and why can't they see the content. I tell them how to trust
either the new signing authority or just a specific certificate.
3. (e-mail address removed) is not under I's control and has not got a digital
certificate.
4. (e-mail address removed) now tries to reply to the email from I@home and gets the
following error message:
"Microsoft Office Outlook could not sign or encrypt this message because you
have no certificates which can be used to send from the e-mail address
'(e-mail address removed)'. You can do either of the following:
Get a new digital ID to use with this account. On the tools menu, click
Options, click Security tab, and then get a Digital ID.
Use the Account button to send the message using an account that you have
certificates for."
5. After a little experimentation I find that the reply from U@home will
send, if the Digital ID icon is clicked to deselect that option. I assume
that either it was attempting to reply from U@home using I@home's digital ID
OR just because the option was set when the email was sent to U@Home, Outlook
assumes that U@Home will also want to send a certificate in reply without
checking with the settings of the Outlook system it is now running on to find
that there is no certificate and no setting to say send a certificate !?!?
6. Of course this gets me thinking and I select the Encrypt icon after
unselecting the Digital ID icon. Here I assume that as I now have the Digital
ID of I@home in the contacts list of U@home's Outlook, U@home can reply and/or
send new email to I@home in an encrypted state. ISN'T THAT THE WHOLE
POINT? (The Digital ID of course contains the public key of (e-mail address removed).)
BUT LO, I cannot do anything of the sort, both reply and new mail give the
same error message as before.
OK, here are the questions:
WHY?
There appears to be a requirement in Outlook that in order to use email
encryption, the sender must have their own certificate as well as the public
key of the recipient. Why should this be so? Encryption on U@Home's PC only
uses I@Home's public key.
To use an analogy, there is no reason to assume the question needs to be
encrypted if only the answer is private.
EMAIL from the Inland Revenue: "How much did you earn last year?" (contains
the digital ID of taxman)
EMAIL REPLY to Inland Revenue: £XJ6d6e6366fg6g [encrypted using taxman's
public key]
Why doesn't Outlook remove the certificate of I@home when U@home attempts to
reply to an email from I@home, if that is what is at fault?
OR
Why doesn't Outlook deselect the "add digital signature" option on the
replying system when that option is not set on that machine?
I am afraid it appears that Outlook is making the use of Digital
Certificates so obscure and difficult that it will hold back the use of
digitally signed email rather than encourage it.
(PS Microsoft, as an aside, why does a digitally signed email look so
dangerous and frightening to the recipient and an email carrying a
potentially dangerous attachment look so benign? Surely this is the wrong way
around!)
Chris
(If everybody gets and uses a digital certificate, spam would disappear
almost overnight, or at least be so easy to spot it could be filtered out way
before clogging up the internet. BE RESPONSIBLE FOR YOUR ACTIONS. GET A
DIGITAL CERTIFICATE!)
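
The post's point that encrypting a reply uses only the recipient's public key, shown with the OpenSSL command line as an added example that is not part of the original post. The address i@example.test, the message text and the file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: an S/MIME enveloped message is built from the recipient's
# certificate alone. All names and addresses below are constructed.
set -eu

smime_roundtrip() {
    local dir
    dir=$(mktemp -d)

    # Recipient "I" creates a key pair and a self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=I/emailAddress=i@example.test" \
        -keyout "$dir/i.key" -out "$dir/i.crt" 2>/dev/null

    # Sender "U" has no key and no certificate: only i.crt is used to encrypt.
    printf 'Earnings last year: 12345\n' > "$dir/reply.txt"
    openssl smime -encrypt -binary -aes256 \
        -in "$dir/reply.txt" -out "$dir/reply.p7m" "$dir/i.crt"

    # The plaintext must not be visible in the enveloped message.
    if grep -q 'Earnings' "$dir/reply.p7m"; then
        rm -rf "$dir"
        return 1
    fi

    # Only the holder of I's private key can open it; plaintext goes to stdout.
    openssl smime -decrypt -in "$dir/reply.p7m" \
        -recip "$dir/i.crt" -inkey "$dir/i.key"
    rm -rf "$dir"
}

smime_roundtrip
```
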