Secure mail platforms must master the delivery of both messages and keys
Whether a secure message is delivered to a client inbox, a Web mail service, or an SSL-secured Web portal, the important thing is that the recipient can open and read the message without any hassle. Striving to meet both security requirements and the needs of end users, vendors of secure mail solutions offer a few different ways to deliver not only messages, but also the keys to decrypting them.
There are three basic message delivery models: online push, offline push, and online pull. Online push means an encrypted e-mail is sent to the recipient's mail client. Think of it as the message being pushed from the sender’s mail server. Online pull means that the recipient retrieves the secure mail from a Web-based mail system.
In both online push and online pull, the end user is connected to the Internet or an enterprise network while retrieving the encrypted message. For online push and pull, all of the vendors in our review use symmetric key cryptography -- i.e., the same key is used for encryption and decryption -- for a couple of reasons. First, symmetric keys are much faster and require less CPU time than asymmetric keys.
Second, symmetric keys are associated with a single message, providing for very reliable "read receipting." These keys are created using highly random number generators, then stored in a database for later retrieval. When a user authenticates and opens an e-mail while online, the same key the sender used to encrypt the message is retrieved from the database and an access log entry is created showing the date and time the key was used.
Offline push is a little more interesting than online push. With offline push, the recipient doesn't have to retrieve a decryption key to open the message. Everything necessary to decrypt the message is included in the e-mail package. The key used to encrypt the original e-mail is itself encrypted using a key based on the user's name and password. When the recipient opens the message, the user name and password decrypt the original key, which in turn decrypts the message.
All three methods of delivering mail are considered secure, as long as the user's password is sufficiently strong. Because an offline push message is potentially vulnerable to a brute force or dictionary attack, strong passwords are essential. The passwords should be at least eight characters long, and use mixed case and at least one nonalphanumeric character. If you do that, there is little chance that someone will be able to break into your users' mail.
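The offline push package and the password rule above, as an added sketch that is not code from any reviewed vendor. Assumptions: PBKDF2-HMAC-SHA256 as the key derivation, an HMAC-based keystream as a standard-library stand-in for a real AEAD cipher such as AES-GCM, the package layout, and all function names.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor; the article names no KDF

def meets_policy(password):
    """The article's rule: 8+ chars, mixed case, one non-alphanumeric."""
    return (len(password) >= 8
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(not c.isalnum() for c in password))

def _derive(user, password, salt):
    # Key-encryption key "based on the user's name and password".
    secret = f"{user}\x00{password}".encode()
    okm = hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]  # (key-encryption key, MAC key)

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(user, password, message):
    if not meets_policy(password):
        raise ValueError("password too weak for offline push")
    salt, nonce, msg_key = os.urandom(16), os.urandom(16), os.urandom(32)
    kek, mac_key = _derive(user, password, salt)
    wrapped = _xor_stream(kek, nonce, msg_key)   # per-message key, wrapped
    body = _xor_stream(msg_key, nonce, message)  # message under that key
    blob = salt + nonce + wrapped + body         # everything travels in the mail
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def open_package(user, password, package):
    blob, tag = package[:-32], package[-32:]
    salt, nonce, wrapped, body = blob[:16], blob[16:32], blob[32:64], blob[64:]
    kek, mac_key = _derive(user, password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, blob, hashlib.sha256).digest()):
        raise ValueError("wrong credentials or tampered package")
    return _xor_stream(_xor_stream(kek, nonce, wrapped), nonce, body)
```

Because the package verifies credentials on its own, no server sees or rate-limits failed attempts; the password policy and the KDF work factor are the only defenses once the mail has left the sender.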