Security Basics mailing list archives

Re: Encrypted emails


From: Paul daSilva <pdasilva () polr org>
Date: Wed, 04 Apr 2007 09:34:26 -0400

Hi Jair,

I don't pretend to know anything about Microsoft Active Directory, and don't know if this is even an available feature for MS Exchange. So, hopefully somebody else on the list will be able to help you in more detail.

In my experience, this type of functionality requires an SSL certificate on your Internet-facing mail server (MX), and of course you need to configure the mail server to talk both plain SMTP and encrypted SMTP. This gives you transport-level security, encrypting communication between mail servers using a common certificate. Easier to deploy but possibly less secure, as anyone gaining access to 1 common certificate can potentially decrypt all encrypted mail flowing through that mail server.

A quick 'google' will yield positive results:
http://www.networkworld.com/news/2007/011807-tls4.html

Alternatively, you could deploy a tool like PGP, allowing each user the option to encrypt selected email messages using their own individual certificates. Harder and more expensive to deploy, but possibly more secure as each individual user has their own certificate, and only intended recipients will be provided with the means to decrypt and read the message based on a web of trust.


Cheers,
Paul daSilva
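As an added illustration of the transport-level option Paul describes (not code from the thread): a small Python check that looks at whether a mail server advertises STARTTLS in its EHLO reply and, in the live variant, negotiates TLS and reports the certificate's common name. The hostnames in the sample reply are made up.

```python
import smtplib
import ssl

# Constructed sample EHLO reply, as a server offering STARTTLS would send it.
# Hostnames are hypothetical placeholders, not from the thread.
SAMPLE_EHLO_REPLY = (
    "250-mail.example.net Hello relay.example.org\n"
    "250-SIZE 52428800\n"
    "250-STARTTLS\n"
    "250-AUTH LOGIN PLAIN\n"
    "250 HELP\n"
)


def parse_ehlo_capabilities(reply):
    """Return the ESMTP keywords announced in an EHLO reply.

    The first line is the greeting.  Every later line is "250-KEYWORD ..."
    or, for the final line, "250 KEYWORD ..."; the keyword is the first
    token after the four-character status prefix.
    """
    caps = set()
    for line in reply.splitlines()[1:]:
        if len(line) < 4 or not line.startswith("250"):
            continue
        parts = line[4:].split()
        if parts:
            caps.add(parts[0].upper())
    return caps


def starttls_offered(reply):
    """True when the server's EHLO reply advertises STARTTLS."""
    return "STARTTLS" in parse_ehlo_capabilities(reply)


def check_mx_tls(host, port=25, timeout=10):
    """Live check of a mail server: does it offer STARTTLS, and if so,
    what common name is on the certificate it presents?

    Returns (offered, common_name); common_name is None when TLS was not
    negotiated.  Needs network access, so the offline sample above does
    not exercise it.  With the default SSL context a self-signed or
    mismatched certificate raises ssl.SSLCertVerificationError, which is
    itself a finding worth recording.
    """
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False, None
        smtp.starttls(context=ctx)
        smtp.ehlo()  # capabilities can change once the channel is encrypted
        cert = smtp.sock.getpeercert()
        subject = dict(rdn[0] for rdn in cert.get("subject", ()))
        return True, subject.get("commonName")
```

Run against your own MX (`check_mx_tls("mx.yourdomain.example")`) to confirm that the plain-and-encrypted SMTP configuration Paul mentions is actually being offered to peers.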


Jair wrote:
Hi There,

I have a CA in my Windows 2000 Active Directory domain and my users are able to send encrypted emails just to internal users in the organization (users in the same Active Directory domain).
Are you aware of any way to send encrypted messages to users in a different organization (another email domain)?

Thanks a lot in advance for your answer.

