Secure mail platforms must master the delivery of both messages and keys
Whether a secure message is delivered to a client inbox, a Web mail service, or an SSL-secured Web portal, the important thing is that the recipient can open and read the message without any hassle. Striving to meet both security requirements and the needs of end users, vendors of secure mail solutions offer a few different ways to deliver not only messages, but also the keys to decrypting them.
There are three basic message delivery models: online push, offline push, and online pull. Online push means an encrypted e-mail is sent to the recipient's mail client. Think of it as the message being pushed from the sender’s mail server. Online pull means that the recipient retrieves the secure mail from a Web-based mail system.
In both online push and online pull, the end user is connected to the Internet or an enterprise network while retrieving the encrypted message. For online push and pull, all of the vendors in our review use symmetric key cryptography -- i.e., the same key is used for encryption and decryption -- for a couple of reasons. First, symmetric keys are much faster and require less CPU time than asymmetric keys.
Second, symmetric keys are associated with a single message, providing for very reliable "read receipting." These keys are created using highly random number generators, then stored in a database for later retrieval. When a user authenticates and opens an e-mail while online, the same key the sender used to encrypt the message is retrieved from the database and an access log entry is created showing the date and time the key was used.
Offline push is a little more interesting than online push. With offline push, the recipient doesn’t have to retrieve a decryption key to open the message. Everything necessary to decrypt the message is included in the e-mail package. The key used to encrypt the original e-mail is itself encrypted using a key based on the user's name and password. When the recipient opens the message, the user name and password decrypt the original key, which in turn decrypts the message.
All three methods of delivering mail are considered secure, as long as the user's password is sufficiently strong. Because an offline push message is potentially vulnerable to a brute force or dictionary attack, strong passwords are essential. The passwords should be at least eight characters long, and use mixed case and at least one nonalphanumeric character. If you do that, there is little chance that someone will be able to break into your users' mail.