[AccessD] Digital signature / certificates

John W. Colby jcolby at ColbyConsulting.com
Mon Mar 17 22:35:01 CST 2003


So it appears that the certificate survived the routing through the list
server as well.  The problem is that the process of storing the
certificate is to right click the from, which in this case is the list
server, which means that if it did save the certificate it would do so to
the AccessD contact not to my contact in your address book.
John W. Colby
Colby Consulting
www.ColbyConsulting.com

  -----Original Message-----
  From: accessd-admin at databaseadvisors.com
[mailto:accessd-admin at databaseadvisors.com]On Behalf Of John W. Colby
  Sent: Monday, March 17, 2003 11:21 PM
  To: AccessD
  Subject: [AccessD] Digital signature / certificates


  Trying this again.  If anyone can read this, please at least one such
person respond.  If anyone can't read this...  uh... don't bother
responding.

  <grin>

  Digital certificates are essentially a digital signature as well as a
public key / private key pair.  The digital signature tells the person
receiving a signed email that the email comes from you and hasn't been
altered.  The certificate that is contained in any signed message also
contains a public key belonging to the sender.  By opening the email,
right clicking the From line, and adding the person to your contacts, the
certificate from that person, including the public key, is stored in the
contact info.  Obviously this isn't going to work as expected with the list
since the message is retransmitted.  In fact I have no idea what is going
to happen in this case, we shall just have to wait and see.

  That public key from the contact can then be used to encrypt email and
theoretically an attachment as well.  Since the public key is stored in
the contact record, it is used for the encryption, and the message (and
attachments) can only be decoded by the matching private key.  I.e.
automatic digital signature and easy to use (though not automatic)
encryption of messages.  Since your friend's certificate is stored with
his contact info on your computer, any email and attachments sent to him
can be encrypted using his public key.

  I say easy to use though not automatic encryption because in order to
encrypt a given message you have to go to the properties of that message
and select encryption.  There is however an option to encrypt all
messages.  I assume that if the contact selected as the recipient has no
certificate, no encryption takes place, so it appears that maybe a totally
automatic / always on encryption scheme can take place with any contacts
that you have received and stored a certificate for.  However... I tested
this... if you send an encrypted message to a contact with a certificate
in your contact book, and CC a contact without a certificate, the message
is encrypted.  You are warned that the person without a certificate will
not be able to see the message (because it is encrypted) and that does
indeed happen.

  Anyway, I have always wanted to have this capability.  I have contacts
with clients that should be kept confidential, for example transferring BE
databases that contain customer data to me for my work at my home office
etc.  The ability to encrypt these things is or should be important.  I
understand that there are now laws that state that if you transmit
people's SSNs across the internet you must take specific precautions or
you are breaking the law.  I haven't seen this law, but I know that
certain insurance companies I deal with are starting to get touchy about
sending data files to me with the SSNs in them.  Perhaps this security
will help in these situations.

  I thought you guys might be interested in what I have figured out.
First of all there is a company that provides FREE personal email
certificates.  Most such companies charge a small fee for them.

  http://www.thawte.com/html/COMMUNITY/personal/index.html

  In order to get this you have to fill out a form with your address,
phone and one personal ID number - SSN, Drivers License Number or Passport
Number.  Basically after following the process you are sent an email to
the email address you provide them that contains a "ping" hotlink that you
have to click on which then tells them you received the email and you are
then issued the certificate.

  Anyway, I just thought I'd let you know that free certs are available,
are reasonably easy to obtain, and reasonably easy to get working.

  John W. Colby
  Colby Consulting
  www.ColbyConsulting.com

  ----------------------------------------------------
  Is email taking over your day?  Manage your time with eMailBoss.
  Try it free!  http://www.eMailBoss.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://databaseadvisors.com/pipermail/accessd/attachments/20030317/86b6061c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3047 bytes
Desc: not available
URL: <http://databaseadvisors.com/pipermail/accessd/attachments/20030317/86b6061c/attachment-0001.bin>
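
The behaviour described in the message above, reproduced with the openssl command line as an added example that is not part of the original post: the signer's certificate travels inside the signed message and names the signer even when the From header shows the list, and a message encrypted to one stored certificate cannot be read by a CC'd party whose certificate was not used. The identities, addresses and message text are constructed, and openssl stands in for the mail client.

```sh
#!/bin/sh
# Constructed demo: identities, addresses and message text are made up.
smime_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # One self-signed certificate and key per (constructed) identity.
    for who in sender recipient cc; do
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$who/emailAddress=$who@example.com" \
        -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
    done
    printf 'BE database attached.\n' > msg.txt

    # Sign. The From header sits outside the signed part, so a list server can
    # rewrite it (simulated here) without touching the signature or the cert.
    openssl smime -sign -in msg.txt -signer sender.crt -inkey sender.key \
      -from list@example.com -to list@example.com -subject demo \
      -out signed.eml 2>/dev/null || exit 1

    # Verify, and pull the signer's certificate out of the message itself.
    openssl smime -verify -in signed.eml -CAfile sender.crt \
      -signer extracted.crt -out /dev/null 2>/dev/null || exit 1
    echo "header_from=$(sed -n 's/^From: //p' signed.eml | head -n 1)"
    echo "cert_email=$(openssl x509 -in extracted.crt -noout -email)"

    # Encrypt to the one certificate on file; the CC'd party's is not used.
    openssl smime -encrypt -aes256 -in msg.txt -out enc.eml recipient.crt \
      || exit 1
    if openssl smime -decrypt -in enc.eml -recip recipient.crt \
         -inkey recipient.key 2>/dev/null | grep -q 'BE database'; then
      echo "recipient=readable"
    fi
    if openssl smime -decrypt -in enc.eml -recip cc.crt -inkey cc.key \
         >/dev/null 2>&1; then
      echo "cc=readable"
    else
      echo "cc=unreadable"
    fi
  )
  rc=$?
  rm -rf "$d"
  return "$rc"
}

smime_demo
```

The certificate should be filed under the address it names (cert_email), not under the address in the From header.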

