> -----Original Message-----
> From: Jason Haar [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 31 August 2000 2:30 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Mail Serve Security
> 
> 
> On Tue, Aug 29, 2000 at 07:52:55PM -0500, Frank Knobbe wrote:
> > Wrong. You don't need NetBIOS to connect with MAPI. Exchange uses
> >....
> > If you configure Outlook to encrypt the traffic, no one will be able
> > to read your email (at least not without some effort in decrypting
> > it). The scary piece is the RPC port, but you can implement safe
> 
> Sorry to burst in on the parade, but Outlook's so-called "encryption" was
> broken last week - apparently it's just another XOR routine :-/

Absolute FUD.

Thread here: http://marc.theaimsgroup.com/?t=96692956800003&w=2&r=1

Turns out that MAPI is (badly) obfuscated. This does not call into question
any of the real crypto in Outlook. One of the messages in the thread (by the
original author) actually puts it into more perspective:
(At: http://marc.theaimsgroup.com/?l=samba-technical&m=96700780902400&w=2)

[Luke Kenneth Casson Leighton]
"but seriously, the purpose of 10100101 is to make cleartext less readable.
for encryption, you use DCE/RPC's NTLMSSP, with sign and seal requested.
MAPI's job is not to encrypt, but to do mail.
NTLMSSP's job is to authenticate, sign and seal."

If anyone knows of any _real_ problems with the crypto in Outlook, I'd love
to know about it. However, my understanding remains that Outlook supports
SSL for POP and SMTP and S/MIME and PGP (using a plugin) for message content
confidentiality.

Encryption between a DMZ server and a trusted mail host is a different
problem. We all know that the local wire can be sniffed. Better crypto in
Outlook won't change that. Running IPSec over your LAN with crypto
offloading NICs might.

The key issue folks here are worried about is how to secure their mail
through untrusted channels, like the Internet. There's enough working crypto
in Outlook to do that. If _that's_ busted I'd actually be interested.

> Jason Haar

Cheers,

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520  
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
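
The distinction drawn in the thread between obfuscation and encryption, as an added example (not code from the original posts or from any project they mention). It assumes the quoted 10100101 pattern is a fixed single-byte XOR mask (0xA5); the sample message and the function names are constructed for illustration.

```python
import math
import os
from collections import Counter

# 0xA5: the bit pattern quoted in the thread, assumed here to be a fixed XOR mask.
MASK = 0b10100101

# Constructed sample message body (not captured traffic).
SAMPLE = (b"Subject: quarterly numbers\r\n\r\n"
          b"The draft figures are attached. Please do not forward them "
          b"outside the finance team until Friday.\r\n")

def xor_mask(data: bytes, mask: int = MASK) -> bytes:
    """Fixed-mask XOR: the same call obfuscates and de-obfuscates."""
    return bytes(b ^ mask for b in data)

def entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def text_score(data: bytes) -> float:
    """Fraction of bytes that are ASCII letters or spaces."""
    return sum(b == 32 or 65 <= b <= 90 or 97 <= b <= 122 for b in data) / len(data)

def find_single_byte_mask(data: bytes, threshold: float = 0.85):
    """Return the XOR mask under which data reads as text, or None.

    0 means the payload is already cleartext; any other value means it is
    obfuscated rather than encrypted. Real ciphertext yields None.
    """
    best = max(range(256), key=lambda m: text_score(xor_mask(data, m)))
    return best if text_score(xor_mask(data, best)) >= threshold else None

if __name__ == "__main__":
    buffers = (("cleartext", SAMPLE),
               ("xor-masked", xor_mask(SAMPLE)),
               ("random", os.urandom(len(SAMPLE))))  # stand-in for real ciphertext
    for name, buf in buffers:
        print(f"{name:10} entropy={entropy(buf):.2f} mask={find_single_byte_mask(buf)}")
```

The masked buffer has exactly the same byte entropy as the cleartext, because a fixed XOR only relabels byte values; output of a real cipher looks like the random buffer instead.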
