On 8/5/07 6:21 PM, Jim Robertson deftly typed out:

> 1. One of my partners uses hotmail, and I've read that web-based email
> cannot be digitally signed/encrypted. Is that correct?

I've yet to find a webmail service that supports S/MIME certificates. One
problem with webmail support of S/MIME certs, and possibly the reason none
support it, is that your public AND private keys would have to be uploaded
and stored by the service. I doubt any of these services want to be held
responsible for the compromise of *that* bit of private info and most people
who care enough about security/privacy to get a cert, wouldn't trust them
with it anyway.

> 2. Since I regularly move the latest copy of my Entourage database from my
> desktop to my laptop, I'm wondering what happens to my certificates and
> those I've received from others. Do they move seamlessly along with the
> database file? If not, is there a simple way to move them from one Mac to
> another? Where are they if not embedded in the database file?

I believe that your own certs are stored in the Keychain (specifically your
"Login" keychain). It *appears* that the public certs for those you
correspond with are in fact stored in the database (or some other office
file) as they are not in the Keychain, but are available in Entourage.

> Thawte is widely recommended as a Mac-supporting
> company, so I just picked FireFox (even though I was using Safari). When I
> downloaded the certificate, I have no idea where it ended up on my computer,
> but when I asked Entourage to use it, the program had no trouble doing so.

When I went through the process, the certificate gets installed in Firefox's
cert list which is private to Firefox (possibly shared with Thunderbird?). I
exported the certs from there and imported them using the Microsoft Cert
Manager application, which installed them in the Keychain.

> However, when I tried to encrypt email and send it to someone from whom I'd
> not received a digitally signed email already, I was told I didn't have the
> appropriate certificate installed.

You *have* to have the recipient's public key to send them encrypted email.
Once a message is encrypted with a public key only the matching private key
can decrypt it. If you don't have the public key, you can't encrypt it in
any method that the private key can decrypt.

Some mail clients (Thunderbird specifically) won't even let you encrypt a
message unless you have a private cert. Technically that's not needed if
you're not planning on signing the message, but Thunderbird won't let you.
This may be because the assumption is that any reply would want to be
encrypted as well, and if you don't have a private key, that can't happen.

I don't know if Entourage will let you encrypt without having a private key.

> A window opened which I ***THINK*** was
> entitled something like certificate assistant. It offered to open an LDAP
> server named "Bigfoot", but then said it couldn't find or log on to the
> server. Is this something I'm supposed to configure?

That's an attempt by Office to locate a publicly posted public key for the
recipient. That service never really took off and Bigfoot doesn't even offer
that service anymore that I'm aware of. That feature is really a hold-over
from a time when you *could* look up public certs in public LDAP servers.

> Anyone who's read this far who's traveled these waters already: I'd be very
> appreciative of any tips, advice, cautionary tales, etc. My immediate need
> is to make certain I can duplicate the ability to send/receive secure and
> encrypted mail from within Entourage on BOTH my dual G5 desktop machine
> (where I've set it up already) and my MacBook Pro (where I've done nothing
> yet).

I *believe* the public certs for your correspondents will travel with the
database, but that your certs will need to be installed in the Keychain on
both machines. I don't have any experience trying this, however.

-Remo Del Bello 

-- 
"For every complex problem there is an answer that is clear, simple, and
wrong."
- H L Mencken
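
The reply's point that encrypting needs only the recipient's public certificate, while decrypting needs the matching private key, shown with the `openssl smime` command as an added example (not part of the original message). The two identities, their addresses and the message are constructed, and an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: constructed identities and message, nothing here comes from the thread.
smime_demo() {
    dir=$(mktemp -d) || return 1

    # Two constructed correspondents, each with a self-signed certificate
    # (public half) and an unencrypted private key.
    for who in alice bob; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who/emailAddress=$who@example.test" \
            -keyout "$dir/$who.key" -out "$dir/$who.crt" 2>/dev/null || return 1
    done
    printf 'constructed test message\n' > "$dir/msg.txt"

    # The sender needs only bob's certificate to encrypt to bob.
    # -binary keeps the line endings untouched so the round trip is exact.
    openssl smime -encrypt -binary -aes256 \
        -in "$dir/msg.txt" -out "$dir/msg.p7m" "$dir/bob.crt" || return 1

    # bob's private key recovers the plaintext.
    good=$(openssl smime -decrypt -in "$dir/msg.p7m" \
        -recip "$dir/bob.crt" -inkey "$dir/bob.key" 2>/dev/null)

    # alice's key pair is not a recipient of this message, so decryption fails.
    if openssl smime -decrypt -in "$dir/msg.p7m" \
        -recip "$dir/alice.crt" -inkey "$dir/alice.key" >/dev/null 2>&1; then
        wrong=decrypted
    else
        wrong=failed
    fi

    rm -rf "$dir"
    printf '%s|%s\n' "$good" "$wrong"
}

smime_demo
```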

