At Sunday, July 30, 2006 10:27 AM, Thor (Hammer of God) wrote: > When I said "RMS-enabled applications," I was talking about actually > enabling the applications to use RMS functions by joining the > machines to an RMS infrastructure. Just because I have Outlook > doesn't mean that you can send me an SMTP email and set some > arbitrary permissions on it that prevent me from forwarding it. Now, > if you really want to, you can have a non-RMS, untrusted recipient > receive the message via MSIRMS, but then they have to have a passport > account that you already have explicit knowledge about and they have > to have specific RMS voodoo dolls installed.
Yes, but if you aren't part of the of the RMS infrastructure (whichever one it might be), you can't access the content in the message -- you can't even decrypt it to begin with, because you don't have the necessary certs and policies. So even if you do get a copy of protected content, it doesn't do you any good -- you can't open it up in a non-RMS-aware app and circumvent the protection. (If you could, it would be a useless technology, both from a technical and a legal standpoint). >From that standpoint, an RMS solution *does* have value in protecting content once it leaves the organization. Ideally, however, the RMS solution itself will prevent the content from being sent to non-authorized external users -- but if it doesn't, they're not going to be able to do much with it unless they work for the NSA. I've got a couple of RMS-protected documents sitting on my hard drive that I'm precisely in this situation with, because my RMS extensions aren't configured properly and I can't get the certs I need to open the content! -- Devin L. Ganger Email: [EMAIL PROTECTED] 3Sharp LLC Phone: 425.882.1032 15311 NE 90th Street Cell: 425.239.2575 Redmond, WA 98052 Fax: 425.702.8455 (e)Mail Insecurity: http://blogs.3sharp.com/blog/deving/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
