The following is tip #15 from "20 Tips on securing Outlook in 20 minutes," excerpted from a chapter in Paul Robichaux's book, Secure Messaging with Microsoft Exchange Server 2003 © 2004, published by Microsoft Press.
The Encrypted E-Mail control group on the Security tab allows you to set the defaults you want Outlook to use for S/MIME traffic.
You can choose to sign, encrypt, or sign and encrypt outbound messages by selecting the appropriate check boxes. In addition, you can choose whether signed messages should be clear-signed or opaque-signed and whether or not you want your messages to include requests for signed return receipts.
The most interesting control in this group is the Default Setting drop-down list and the associated Settings button; that's because these settings control the algorithms and message format you use when sending secure mail. When you click Settings, the Change Security Settings dialog box opens. Each security settings object contains your preferences for the certificate you want to use for signing and encrypting messages and the algorithms you prefer for each use. The controls in the dialog box are self-explanatory, so instead of reiterating what they do, it's more useful for me to explain why they're there in the first place.
Remember that a certificate is just a credential. We all carry around multiple credentials: my driver's license isn't useful at the video store, and my bank card isn't useful when I want to board an airplane -- each credential has its own purpose and set of attributes.
Likewise, it's increasingly common for organizations that deploy PKIs to issue separate certificates for different purposes: every user might get one for signing e-mail, but only the legal and merger departments might need one for encryption, and only the IT department gets certificates that can be used to sign macros or Office objects.
This partitioning means that it might be useful to specify different algorithms or certificates for signatures and encryption, or even to maintain different "work" and "home" settings for users with business and personal certificates. That's one reason Outlook supports multiple sets of credentials, the other being its support for security labels (part of the DMS support included in Outlook).
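Before choosing signing and encryption certificates in the Change Security Settings dialog box, it helps to see which certificates in your store were actually issued for each purpose. The following PowerShell is an added example, not code from the book; it assumes the certificates live in the current user's Personal store and treats the standard key usage bits (digitalSignature/nonRepudiation for signing, keyEncipherment/keyAgreement for encryption) and the Secure Email EKU as the criteria, which may not match every filter Outlook applies.

```powershell
# Added example: classify certificates in the current user's Personal store
# by whether their extensions permit S/MIME signing, encryption, or both.
$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection (Secure Email EKU)
$x509  = 'System.Security.Cryptography.X509Certificates'
$flags = [type]"$x509.X509KeyUsageFlags"
$now   = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Enhanced Key Usage: if the extension is absent, the certificate is not
    # restricted to particular purposes.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [type]"$x509.X509EnhancedKeyUsageExtension" } |
        Select-Object -First 1
    $ekuOids = @()
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $emailOk = (-not $ekuExt) -or ($ekuOids -contains $secureEmailOid)

    # Key Usage: if the extension is absent, all usages are permitted.
    $kuExt = $cert.Extensions |
        Where-Object { $_ -is [type]"$x509.X509KeyUsageExtension" } |
        Select-Object -First 1
    if ($kuExt) {
        $ku      = [int]$kuExt.KeyUsages
        $signBit = [int]$flags::DigitalSignature -bor [int]$flags::NonRepudiation
        $encBit  = [int]$flags::KeyEncipherment  -bor [int]$flags::KeyAgreement
        $canSign    = ($ku -band $signBit) -ne 0
        $canEncrypt = ($ku -band $encBit)  -ne 0
    } else {
        $canSign    = $true
        $canEncrypt = $true
    }

    # Your own signing and encryption certificates both need a private key
    # and must be inside their validity period.
    $usable = $cert.HasPrivateKey -and ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Signing    = $usable -and $emailOk -and $canSign
        Encryption = $usable -and $emailOk -and $canEncrypt
    }
} | Format-Table -AutoSize
```

A certificate that shows Signing but not Encryption (or the reverse) is the partitioned case described above, and is why the dialog box lets you pick a separate certificate for each use.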
About the author: Paul Robichaux is a partner at 3sharp LLC, author of several books on Exchange, Windows, and security, a Microsoft MVP for Exchange Server, and a frequent speaker and presenter at IT industry conferences. He's written software for everyone from the US National Security Agency to scientists flying their experiments aboard the Space Shuttle, fixed helicopters in the desert, and spent way too much time playing video games.