[AccessD] Digital signature / certificates

John W. Colby jcolby at ColbyConsulting.com
Tue Mar 18 10:20:00 CST 2003


MessageYea, I know.  I can't read them either.  And the weird part is that
it seems to be a flip of the coin how they come through.  I replied to a
message, got that blue symbol.  Replied again got the readable version.
Replied again got the blue symbol.

Not good.
John W. Colby
Colby Consulting
www.ColbyConsulting.com

  -----Original Message-----
  From: accessd-admin at databaseadvisors.com
[mailto:accessd-admin at databaseadvisors.com]On Behalf Of Charlotte Foust
  Sent: Tuesday, March 18, 2003 11:05 AM
  To: accessd at databaseadvisors.com
  Subject: RE: [AccessD] Digital signature / certificates


  These I can read.  The ones that come through with a little blue
information icon are unopenable because it says "Your Digital ID name cannot
be found by the underlying security system."  I'm using Outlook XP on WinXP.
All the latest patches.

  Charlotte Foust
    -----Original Message-----
    From: John W. Colby [mailto:jcolby at colbyconsulting.com]
    Sent: Monday, March 17, 2003 8:21 PM
    To: AccessD
    Subject: [AccessD] Digital signature / certificates


    Trying this again.  If anyone can read this, please at least one such
person respond.  If anyone can't read this...  uh... don't bother
responding.

    <grin>

    Digital certificates are essentially a digital signature as well as a
public key / private key pair.  The digital signature tells the person
receiving a signed email that the email comes from you and hasn't been
altered.  The certificate that is contained in any signed message also
contains a public key belonging to the sender.  By opening the email, right
clicking the From line, and adding the person to your contacts, the
certificate from that person, including the public key, is stored in the
contact info.  Obvious this isn't going to work as expected with the list
since the message is retransmitted.  In fact I have no idea what is going to
happen in this case, we shall just have to wait and see.

    That public key from the contact can then be used to encrypt email and
theoretically an attachment as well.  Since the public key is stored in the
contact record, it is used for the encryption, and the message (and
attachments) can only be decoded by the matching private key.  I.e.
automatic digital signature and easy to use (though not automatic)
encryption of messages.  Since your friend's certificate is stored with his
contact info on your computer, any email and attachments sent to him can be
encrypted using his public key.

    I say easy to use though not automatic encryption because in order to
encrypt a given message you have to go to the properties of that message and
select encryption.  There is however an option to encrypt all messages.  I
assume that if the contact selected as the recipient has no certificate, no
encryption takes place, so it appears that maybe a totally automatic /
always on encryption scheme can take place with any contacts that you have
received and stored a certificate for.  However... I tested this... if you
send an encrypted message to a contact with a certificate in your contact
book, and CC a contact without a certificate, the message is encrypted.  You
are warned that the person without a certificate will not be able to see the
message (because it is encrypted) and that does indeed happen.

    Anyway, I have always wanted to have this capability.  I have contacts
with clients that should be kept confidential, for example transferring BE
databases that contain customer data to me for my work at my home office
etc.  The ability to encrypt these things is or should be important.  I
understand that there are now laws that state that if you transmit people's
SSNs across the internet you must take specific precautions or you are
breaking the law.  I haven't seen this law, but I know that certain
insurance companies I deal with are starting to get touchy about sending
data files to me with the SSNs in them.  Perhaps this security will help in
these situations.

    I thought you guys might be interested in what I have figured out.
First of all there is a company that provides FREE personal email
certificates.  Most such companies charge a small fee for them.

    http://www.thawte.com/html/COMMUNITY/personal/index.html

    In order to get this you have to fill out a form with your address,
phone and one personal ID number - SSN, Drivers License Number or Passport
Number.  Basically after following the process you are sent an email to the
email address you provide them that contains a "ping" hotlink that you have
to click on which then tells them you received the email and you are then
issued the certificate.

    Anyway, I just thought I'd let you know that free certs are available,
are reasonably easy to obtain, and reasonably easy to get working.

    John W. Colby
    Colby Consulting
    www.ColbyConsulting.com

    ----------------------------------------------------
    Is email taking over your day?  Manage your time with eMailBoss.
    Try it free!  http://www.eMailBoss.com


----------------------------------------------------------------------------
----

Is email taking over your day? Manage your time with eMailBoss. Try it free!
http://www.eMailBoss.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://databaseadvisors.com/pipermail/accessd/attachments/20030318/48fdf66b/attachment-0001.html>


More information about the AccessD mailing list