Secure mail platforms must master the delivery of both messages and keys
Whether a secure message is delivered to a client inbox, a Web mail service, or an SSL-secured Web portal, the important thing is that the recipient can open and read the message without any hassle. Striving to meet both security requirements and the needs of end users, vendors of secure mail solutions offer a few different ways to deliver not only messages, but also the keys to decrypting them.
There are three basic message delivery models: online push, offline push, and online pull. Online push means an encrypted e-mail is sent to the recipient's mail client. Think of it as the message being pushed from the sender’s mail server. Online pull means that the recipient retrieves the secure mail from a Web-based mail system.
In both online push and online pull, the end user is connected to the Internet or an enterprise network while retrieving the encrypted message. For online push and pull, all of the vendors in our review use symmetric key cryptography -- i.e., the same key is used for encryption and decryption -- for a couple of reasons. First, symmetric keys are much faster and require less CPU time than asymmetric keys.
Second, symmetric keys are associated with a single message, providing for very reliable "read receipting." These keys are created using highly random number generators, then stored in a database for later retrieval. When a user authenticates and opens an e-mail while online, the same key the sender used to encrypt the message is retrieved from the database and an access log entry is created showing the date and time the key was used.
Offline push is a little more interesting than online push. With offline push, the recipient doesn't have to retrieve a decryption key to open the message. Everything necessary to decrypt the message is included in the e-mail package. The key used to encrypt the original e-mail is itself encrypted using a key based on the user's name and password. When the recipient opens the message, the user name and password decrypt the original key, which in turn decrypts the message.
All three methods of delivering mail are considered secure, as long as the user's password is sufficiently strong. Because an offline push message is potentially vulnerable to a brute force or dictionary attack, strong passwords are essential. The passwords should be at least eight characters long, and use mixed case and at least one nonalphanumeric character. If you do that, there is little chance that someone will be able to break into your users' mail.
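The offline push key handling and the password rule described above, as an added sketch that is not any reviewed vendor's code. It assumes PBKDF2-HMAC-SHA256 as the password-based derivation and, to stay within the standard library, a one-time derived mask plus an HMAC tag standing in for a real key-wrap cipher such as AES key wrap; all function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor: raises the cost of each offline guess

def meets_policy(password: str) -> bool:
    """Article's rule: 8+ characters, mixed case, one non-alphanumeric."""
    return (len(password) >= 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(not c.isalnum() for c in password))

def _derive(username: str, password: str, salt: bytes):
    # Key "based on the user's name and password": the name is mixed into the
    # salt, so equal passwords on different accounts give different keys.
    material = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   salt + username.lower().encode(),
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]  # (one-time mask, MAC key)

def wrap_message_key(message_key: bytes, username: str, password: str) -> dict:
    """Build the key portion of an offline push package."""
    if len(message_key) != 32:
        raise ValueError("this sketch expects a 32-byte message key")
    if not meets_policy(password):
        raise ValueError("password too weak to protect an offline package")
    salt = secrets.token_bytes(16)  # fresh per package, so the mask is never reused
    mask, mac_key = _derive(username, password, salt)
    wrapped = bytes(a ^ b for a, b in zip(message_key, mask))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_message_key(package: dict, username: str, password: str) -> bytes:
    """Recover the message key with no server round trip (the offline case)."""
    mask, mac_key = _derive(username, password, package["salt"])
    expected = hmac.new(mac_key, package["salt"] + package["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, package["tag"]):
        raise ValueError("wrong credentials or tampered package")
    return bytes(a ^ b for a, b in zip(package["wrapped"], mask))

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed per-message symmetric key
    pkg = wrap_message_key(key, "alice@example.com", "Corr3ct-Horse")
    print(unwrap_message_key(pkg, "alice@example.com", "Corr3ct-Horse") == key)
```

Because the package carries everything except the password, nothing on a server can rate-limit guesses; the derivation cost and the password policy are the only brakes, which is why the article singles out offline push for strong passwords.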