[Cryptography] Any S/MIME or PGP for normal people
Dennis E. Hamilton
dennis.hamilton at acm.org
Fri May 15 15:04:05 EDT 2015
Concerning the Microsoft Outlook question,
----- responding in-line to -----
From: cryptography [mailto:cryptography-bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of Viktor Dukhovni
Sent: Thursday, May 14, 2015 13:26
To: cryptography at metzdowd.com
Subject: Re: [Cryptography] Any S/MIME or PGP for normal people
[ ... ]
IIRC Windows S/MIME support tends to frown on TOFU PKI, and I don't
think that with Outlook et. al. it is possible to trust a given
cert for a given correspondent. There one does need a corporate
CA, and I don't recall how easy it is to sign or decrypt mail.
<orcmid>
Yes, you can always trust a given cert for a given correspondent.
This is handy for self-signed certs and ones with vague or unknown
institutional CAs that one is willing to trust based on some out-
of-band agreement.
You can import the public-key cert directly or receive it as part
A signed e-mail, using Microsoft Outlook S/MIME.
It is fairly easy to identify and specify a cert to use (it must be
associated with the email address being sent with) for signing.
If you have multiple private keys associated with different email
addresses, Outlook chooses the correct one for signing an email.
Choosing to sign a message is a button click in the email form,
and you can make signing the default.
For encrypting to a recipient, that is a button click too, so
long as you have the public key associated with the destination
e-mail address.
Decryption of received encrypted S/MIME emails is automatic
on viewing.
Checking of received S/MIME signatures is automatic.
Detection of expired certs and checking of revocation lists is
also handled.
</orcmid>
--
Viktor.
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list