[AccessD] Digital signature / certificates

Charlotte Foust cfoust at infostatsystems.com
Tue Mar 18 12:15:00 CST 2003


My outlook won't even let me reply to the ones with the blue symbol.  It
wants nothing to do with them.  Pretty good security at that!  NOBODY
can get in, even the author. <vbg>  
 
Charlotte Foust

	-----Original Message-----
	From: John W. Colby [mailto:jcolby at colbyconsulting.com] 
	Sent: Tuesday, March 18, 2003 8:19 AM
	To: accessd at databaseadvisors.com
	Subject: RE: [AccessD] Digital signature / certificates
	
	
	Yea, I know.  I can't read them either.  And the weird part is
that it seems to be a flip of the coin how they come through.  I replied
to a message, got that blue symbol.  Replied again got the readable
version.  Replied again got the blue symbol.  
	 
	Not good.

	John W. Colby
	Colby Consulting
	www.ColbyConsulting.com 

		-----Original Message-----
		From: accessd-admin at databaseadvisors.com
[mailto:accessd-admin at databaseadvisors.com]On Behalf Of Charlotte Foust
		Sent: Tuesday, March 18, 2003 11:05 AM
		To: accessd at databaseadvisors.com
		Subject: RE: [AccessD] Digital signature / certificates
		
		
		These I can read.  The ones that come through with a
little blue information icon are unopenable because it says "Your
Digital ID name cannot be found by the underlying security system."  I'm
using Outlook XP on WinXP.  All the latest patches.
		 
		Charlotte Foust

			-----Original Message-----
			From: John W. Colby
[mailto:jcolby at colbyconsulting.com] 
			Sent: Monday, March 17, 2003 8:21 PM
			To: AccessD
			Subject: [AccessD] Digital signature /
certificates
			
			

			Trying this again.  If anyone can read this,
please at least one such person respond.  If anyone can't read this...
uh... don't bother responding.

			<grin> 

			Digital certificates are essentially a digital
signature as well as a public key / private key pair.  The digital
signature tells the person receiving a signed email that the email comes
from you and hasn't been altered.  The certificate that is contained in
any signed message also contains a public key belonging to the sender.
By opening the email, right clicking the From line, and adding the
person to your contacts, the certificate from that person, including the
public key, is stored in the contact info.  Obvious this isn't going to
work as expected with the list since the message is retransmitted.  In
fact I have no idea what is going to happen in this case, we shall just
have to wait and see.

			That public key from the contact can then be
used to encrypt email and theoretically an attachment as well.  Since
the public key is stored in the contact record, it is used for the
encryption, and the message (and attachments) can only be decoded by the
matching private key.  I.e. automatic digital signature and easy to use
(though not automatic) encryption of messages.  Since your friend's
certificate is stored with his contact info on your computer, any email
and attachments sent to him can be encrypted using his public key.

			I say easy to use though not automatic
encryption because in order to encrypt a given message you have to go to
the properties of that message and select encryption.  There is however
an option to encrypt all messages.  I assume that if the contact
selected as the recipient has no certificate, no encryption takes place,
so it appears that maybe a totally automatic / always on encryption
scheme can take place with any contacts that you have received and
stored a certificate for.  However... I tested this... if you send an
encrypted message to a contact with a certificate in your contact book,
and CC a contact without a certificate, the message is encrypted.  You
are warned that the person without a certificate will not be able to see
the message (because it is encrypted) and that does indeed happen.

			Anyway, I have always wanted to have this
capability.  I have contacts with clients that should be kept
confidential, for example transferring BE databases that contain
customer data to me for my work at my home office etc.  The ability to
encrypt these things is or should be important.  I understand that there
are now laws that state that if you transmit people's SSNs across the
internet you must take specific precautions or you are breaking the law.
I haven't seen this law, but I know that certain insurance companies I
deal with are starting to get touchy about sending data files to me with
the SSNs in them.  Perhaps this security will help in these situations.

			I thought you guys might be interested in what I
have figured out.  First of all there is a company that provides FREE
personal email certificates.  Most such companies charge a small fee for
them.

	
http://www.thawte.com/html/COMMUNITY/personal/index.html 

			In order to get this you have to fill out a form
with your address, phone and one personal ID number - SSN, Drivers
License Number or Passport Number.  Basically after following the
process you are sent an email to the email address you provide them that
contains a "ping" hotlink that you have to click on which then tells
them you received the email and you are then issued the certificate.

			Anyway, I just thought I'd let you know that
free certs are available, are reasonably easy to obtain, and reasonably
easy to get working.

			John W. Colby 
			Colby Consulting 
			www.ColbyConsulting.com 

	
---------------------------------------------------- 
			Is email taking over your day?  Manage your time
with eMailBoss.  
			Try it free!  http://www.eMailBoss.com 

  _____  

	Is email taking over your day? Manage your time with eMailBoss.
Try it free! http://www.eMailBoss.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://databaseadvisors.com/pipermail/accessd/attachments/20030318/be751ae9/attachment-0001.html>


More information about the AccessD mailing list