Cryptographic pushme-pullyou

Secure mail platforms must master the delivery of both messages and keys

Whether a secure message is delivered to a client inbox, a Web mail service, or an SSL-secured Web portal, the important thing is that the recipient can open and read the message without any hassle. Striving to meet both security requirements and the needs of end users, vendors of secure mail solutions offer a few different ways to deliver not only messages, but also the keys to decrypting them.

There are three basic message delivery models: online push, offline push, and online pull. Online push means an encrypted e-mail is sent to the recipient's mail client. Think of it as the message being pushed from the sender’s mail server. Online pull means that the recipient retrieves the secure mail from a Web-based mail system.

In both online push and online pull, the end user is connected to the Internet or an enterprise network while retrieving the encrypted message. For online push and pull, all of the vendors in our review use symmetric key cryptography -- i.e., the same key is used for encryption and decryption -- for a couple of reasons. First, symmetric keys are much faster and require less CPU time than asymmetric keys.

Second, symmetric keys are associated with a single message, providing for very reliable "read receipting." These keys are created using highly random number generators, then stored in a database for later retrieval. When a user authenticates and opens an e-mail while online, the same key the sender used to encrypt the message is retrieved from the database and an access log entry is created showing the date and time the key was used.

Offline push is a little more interesting than online push. With offline push, the recipient doesn’t have to retrieve a decryption key to open the message. Everything necessary to decrypt the message is included in the e-mail package. The key used to encrypt the original e-mail is itself encrypted using a key based on the user's name and password. When the recipient opens the message, the user name and password decrypts the original key, which in turn decrypts the message.

All three methods off delivering mail are considered secure, as long as the user's password is sufficiently strong enough. Because an offline push message is potentially vulnerable to a brute force or dictionary attack, strong passwords are essential. The passwords should be at least eight characters long, and use mixed case and at least one nonalphanumeric character. If you do that, there is little chance that someone will be able to break into your users' mail.