Thawte CERT/Outlook, good setup?

Discussion in 'privacy technology' started by Red Dawn, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. Red Dawn

    Red Dawn Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    116
    Recently the company I work for stated for us to encrypt all of our email. They suggested using either PGP or getting a free Thawte email cert. I opted for the digital id from Thawte and went ahead and applied for one, and now have a cert issued. After some reading, it states that with this id I can sign and encrypt all of my email, but I'm not sure how to do this.

    I have the id installed since I can view the details in my certificates setup within IE, Tools, Internet Options, Content, Certificates. But what do I do next? I have Outlook 2002 as my email client and want to configure it to use the Thawte cert, does anyone know how this is set up? Also, is this a good option for users that wish to encrypt/sign their email? Thank you.

    Sorry if I didn't add this thread under the correct section.
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Any certificate serves several purposes. First it's a digital passport, whereby you may identify yourself on the anonymous internet. You can do that by digitally signing a message. A trusted third party guarantees the authenticity of identity of the certificate.
    Second, it contains keys that may be used to encrypt and decrypt messages and to digitally sign messages in order to guarantee the integrity of the message.
    The ISO standard x509.3 describes these certificates.

    The free Thawte certificate can do both.
    First: encrypting is possible if both the sender and the recipient use their own certificate. Just install the certificate in Internet Explorer and Outlook (Express) can be used to secure the message. Just press the button to encrypt. But you can only encrypt a message to a recipient if you have received his/her certificate in a signed message that you received earlier. Your mail client must know the key to use to encrypt the message with. It's the public key of the recipient, that you received with the earlier signed message.

    When you sign a message, your mail client uses your private key to compute the integrity hash and it attaches the certificate with your public key to the message and sends it to the recipient. Only when the recipient knows your public key, he/she can send you an encrypted message.

    In Outlook Express (I don't have Outlook experience) there's a button in the toolbar to sign or encrypt. It probably only is available when the recipients' certificate is available. You'll have to separately enter your password or passphrase to authenticate your certificate.

    The Thawte certificate can also serve as your digital passport. Its value, however, is perhaps somewhat limited. Thawte is known as a 'root CA', an institute that can publish certificates, but Thawte doesn't know its subjects like other root CAs. The registration authority (RA) that certifies your identity is not a trusted institute, but it's a group of other 'Thawte trusted' certificate holders, the notaries. It's this distributed RA function that makes it possible to distribute certificates for free. The RA function is very expensive. If you drop by ( :p), I can give out trust points (I'm a notary myself).

    I don't know the level of cross certification between Thawte and other root CAs.
    If you want secure messaging, get a Thawte certificate and exchange your certificate with others. I hardly ever use it to encrypt messages, but I like to be able to.

    Strange that some of the least secure mail clients (Outlook and OE) know how to handle certificates and that more secure mail clients don't. I bought my The Bat! mail client licence just because of this ability in a secure mail client.
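
Added example, not part of the thread or any poster's words: the exchange described in the post above (sign, pick up the sender's certificate from the signed message, encrypt the reply to it), reproduced with the OpenSSL command line instead of Outlook. The names alice/bob@example.test and their throwaway self-signed certificates are constructed for the demo, which is why chain validation is skipped with `-noverify`.

```shell
#!/bin/sh
# Constructed demo: alice/bob@example.test and their self-signed certificates
# are throwaway stand-ins for CA-issued e-mail certificates.
smime_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        for who in alice bob; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/CN=$who/emailAddress=$who@example.test" \
                -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
        done

        # 1. Alice signs. Her private key produces the signature and her
        #    certificate (public key) travels inside the signed message.
        printf 'Hello Bob, this is Alice.\n' > hello.txt
        openssl smime -sign -in hello.txt -signer alice.crt \
            -inkey alice.key -out signed.eml 2>/dev/null || exit 1

        # 2. Bob checks the signature and saves the signer certificate.
        #    -noverify skips only chain validation (no CA in this demo).
        openssl smime -verify -noverify -in signed.eml \
            -signer harvested.crt -out /dev/null 2>/dev/null || exit 1

        # 3. Bob encrypts a reply to the public key he just harvested.
        printf 'Reply for Alice only.\n' > reply.txt
        openssl smime -encrypt -aes256 -in reply.txt \
            -out reply.eml harvested.crt 2>/dev/null || exit 1

        # 4. A key pair that is not a listed recipient (here Bob's own)
        #    must fail to decrypt the reply.
        if openssl smime -decrypt -in reply.eml -recip bob.crt \
            -inkey bob.key -out /dev/null 2>/dev/null; then
            exit 1
        fi

        # 5. Alice decrypts with her private key; drop any CR characters
        #    left by S/MIME line-ending canonicalisation.
        openssl smime -decrypt -in reply.eml -recip alice.crt \
            -inkey alice.key -out plain.txt 2>/dev/null || exit 1
        tr -d '\r' < plain.txt
    )
    status=$?
    rm -rf "$work"
    return $status
}

smime_roundtrip
```

With a CA-issued certificate, step 2 would drop `-noverify` and pass the issuing CA's root with `-CAfile`, so the signer's identity is checked as well as the signature.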
     
  3. Red Dawn

    Red Dawn Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    116
    Thank you meneer, you helped me out tons with your info. I don't use other email clients other than Outlook, though I have tried Thunderbird and that is a great client that also supports S/MIME, x509.3 certificates. My employer though pushes Outlook, and since I've been using it since day one, I'll stick to it and run that way. I actually thought I'd have to install PGP for encryption, but after reading over what this certificate could do, and finding out that virtually everyone else I email to uses digital certificates, this is the best method for encryption for my setup. I would also like to take you up on that offer for trust points, after reading I need 100 points to move up.

    How do I go about doing that? Thanks again my friend for your help.
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    If you're in the Netherlands, feel free to come over.. 35 trust points waiting to be awarded :p
    Otherwise get your certificate and use the notary finder at Thawte's site.
    You only need trust points if you want your name tied to the certificate, or if you want to be a notary. The encryption and signing will work without you having earned your points.
    But indeed, being part of the WoT community sure feels good :rolleyes:
     
  5. steverio

    steverio Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    161
    The non-security minded people who couldn't care less to learn or use encryption are the ones I get to email to! o_O

    Good setup Red Dawn!

    PS: I have been using Outlook for years along with NEO Pro but have switched over to TheBat Pro for ease of security.
     
  6. Red Dawn

    Red Dawn Registered Member

    Joined:
    Jun 28, 2004
    Posts:
    116
    Thank you guys. Meneer, I'm not in your part of the world, but I was able to find a notary in my area and today he gave me 35 points, so my luck isn't all bad. And as you stated, I also wish to be a notary, but, more important, would like the cert to have my name, instead of the standard Thawte info.

    Steverio, you'd be amazed at how many people don't either wish to learn, or even understand the value of encryption and email. I always use the analogy of sending our mail with no envelope, just bare, so that the entire world can read what you're doing/sending to others. Anyone that wouldn't like that with their physical mail, needs to encrypt their email. Thanks guys.
     