I would like to put in a suggestion for security features for Entourage. This is being driven by a recognition that more and more business sensitive materials are being sent via e-mail, and that most persons have a mix of both personal and business mail on their systems.
1. Full support for certificate based security to be compatible with Windows Outlook and Netscape products. Both full encryption of a message and signing need to be supported. 2. Support for multiple personal certificates, ideally on an account by account basis, but minimally on an e-mail address by e-mail address basis. I have multiple certificates depending on which business or private relationship the message relates to. 3. Selection of the certificate to be used to sign or encrypt should be a drop down menu on the message composition window (the space to the right of the account selection drop down in the current composition would be ideal). If there is no personal certificate associated with the account, the dropdown menu need not appear. 4. Automatic capture and association by email address with contact record of received personal certificates from message senders. The e-mail address list in the contact e-mail panel should have a method to set the default certificate to be used with each email address in case multiple certificates are received. 5. When selecting message recipients, in the To:, CC: and BC: dialog, the associated certificates should be selectable (again, a drop down to the right of the address may be the best way to accomplish this). 6. Reply and reply all should use the same certificate as was used when the message was received if possible, and warn if one or more recipients will receive an unencrypted copy of the message. 7. It should be possible to encrypt a message in the case where the recipients have certificates but the sender does not. 8. The mail preferences should set the default behavior for signing (always, never), and encryption (always, if possible & warn if no cert available, if possible, never). Storing messages in the database is a bit more of an issue, and it is not clear to me how best this could be handled. Messages could be stored encrypted or in the clear. If stored encrypted, they would be more secure but then the searching features may not be able to index them. I suppose the best is to offer a choice�. -- Eric Hildum -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
