Opening encrypted emails from another mailbox?

Should the original sender of an encrypted email be able to open that message from another mailbox? For example, UserA sends an encrypted message to UserB. If UserA opens up UserB's mailbox (assuming UserA has rights to the box), should UserA be able to open the encrypted message that was sent to UserB?

One of my fellow admins thinks this should not work since the message was encrypted with UserB's public certs; the message should only decrypt and open with UserB's private certs. While I agree with that in principle, the behavior I'm seeing suggests that Exchange is recognizing that UserA has been verified as the original sender, and having been verified is allowed to open the message.

I did everything I could think of to make sure I wasn't opening a cached message: I created different Outlook profiles for both UserA and UserB, and I sent the message on one computer and opened it from a different machine. All certificates are on smart cards and are published to the GAL.

If this behavior should not be happening, how do I fix it? If it is default behavior, is there any documentation for it?

Thank you!
Auschten

His certificate would have to be installed, wouldn't it?
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Auschten" <Ausch***@discussions.microsoft.com> wrote in message news:F1CDC0AD-D141-4F99-96AD-FF9D94EE6173@microsoft.com...
> Should the original sender of an encrypted email be able to open that message from another mailbox? For example, UserA sends an encrypted message to UserB. If UserA opens up UserB's mailbox (assuming UserA has rights to the box), should UserA be able to open the encrypted message that was sent to UserB?
>
> One of my fellow admins thinks this should not work since the message was encrypted with UserB's public certs; the message should only decrypt and open with UserB's private certs. While I agree with that in principle, the behavior I'm seeing suggests that Exchange is recognizing that UserA has been verified as the original sender, and having been verified is allowed to open the message.
>
> I did everything I could think of to make sure I wasn't opening a cached message: I created different Outlook profiles for both UserA and UserB, and I sent the message on one computer and opened it from a different machine. All certificates are on smart cards and are published to the GAL.
>
> If this behavior should not be happening, how do I fix it? If it is default behavior, is there any documentation for it?
>
> Thank you!
> Auschten

What method of encryption/decryption are you using?
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

PKI certificates on smart cards published to the GAL.
"Ed Crowley [MVP]" wrote:
> What method of encryption/decryption are you using?

Your explanation seems right to me too, but I'm hardly an expert on this PKI stuff, so I really don't know. It makes my brain hurt. Sorry.

--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Auschten" <Ausch***@discussions.microsoft.com> wrote in message news:CD0C627D-D091-429F-8203-492CADA80D50@microsoft.com...
> PKI certificates on smart cards published to the GAL.
>
> "Ed Crowley [MVP]" wrote:
>> What method of encryption/decryption are you using?
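
The thread leaves the question open. The following is an added example, not part of any post above, and it uses OpenSSL's `cms` command rather than Outlook or Exchange: an S/MIME envelope carries one wrapped copy of the content key per recipient certificate, so when the sending client also envelopes to the sender's own certificate (as S/MIME sending agents commonly do so that sent mail stays readable), UserA's private key opens the message regardless of which mailbox stores it. That the client in this thread did so is an assumption; UserA, UserB, UserC, their keys and the message are constructed test data.

```shell
#!/bin/sh
# Added example: OpenSSL CMS stands in for the mail client; all keys are throwaway.
WORK=$(mktemp -d)

# Create a self-signed certificate and private key for a constructed user.
make_user() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Envelope one constructed message to every named user's certificate.
encrypt_to() {
    certs=""
    for u in "$@"; do certs="$certs $WORK/$u.crt"; done
    printf 'constructed test message\n' > "$WORK/msg.txt"
    # $certs is intentionally unquoted: one argument per recipient certificate.
    openssl cms -encrypt -aes256 -in "$WORK/msg.txt" \
        -outform DER -out "$WORK/msg.p7m" $certs
}

# Exit status 0 only if this user's certificate matches a RecipientInfo
# and the private key unwraps the content key.
can_open() {
    openssl cms -decrypt -inform DER -in "$WORK/msg.p7m" \
        -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" >/dev/null 2>&1
}

# Each RSA recipient adds one rsaEncryption key-transport entry.
recipient_count() {
    openssl asn1parse -inform DER -in "$WORK/msg.p7m" | grep -c ':rsaEncryption'
}

for u in UserA UserB UserC; do make_user "$u"; done
encrypt_to UserA UserB    # assumption: sender UserA is also a recipient
for u in UserA UserB UserC; do
    if can_open "$u"; then echo "$u: decrypts"; else echo "$u: cannot decrypt"; fi
done
echo "RecipientInfo entries: $(recipient_count)"
```

For a message saved from a mailbox, the recipient identifier inside each RecipientInfo of the same `asn1parse` listing shows which certificates it was enveloped to.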