Secure Messaging Models
Co-existence and Interoperability
Russell W. Chung
New York, NY
July 19, 2005

Agenda
- Secure Messaging Models
  - End to End Secure Messaging
  - Gateway to Gateway Secure Messaging
  - Web Enabled Secure Messaging
  - Hybrid Models
- Co-existence and Interoperability
- Importance of Interoperability
- Issues
- A Call to Action

End to End Secure Messaging
- Messages are encrypted by sender; remain encrypted until decrypted by recipient
- Messages are signed by sender; signature is verified by recipient
- Uses a combination of symmetrical and public key algorithms
- Established standards
- Examples: S/MIME, PGP

End to End Secure Messaging
- Certificate administration a challenge
  - Internal: renewal, revocation, support
  - External: cross certification
- Messages cannot be scanned for viruses
- Messages cannot be filtered for content

Gateway to Gateway Secure Messaging
- Messages are encrypted by outbound MTA, typically at domain boundary, decrypted by inbound MTA
- Messages are signed by outbound MTA, typically at domain boundary, signature is verified by inbound MTA
- Uses a combination of symmetrical and public key algorithms
- Emerging standards
- Examples: TLS, SMG

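An added example, not part of the original slides: a boundary gateway deciding which model a message used, whether it can still be scanned or filtered, and whether every recorded hop used TLS. All function names, hosts and sample messages are constructed for illustration; the TLS check relies on the RFC 3848 `with ESMTPS` keyword in Received headers.

```python
import email
import re

PKCS7 = ("application/pkcs7-mime", "application/x-pkcs7-mime")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9-]+)", re.I)

def end_to_end_model(msg):
    """Return 'S/MIME', 'PGP' or None, judged from the MIME structure."""
    ctype = msg.get_content_type()
    proto = (msg.get_param("protocol") or "").lower()
    if ctype in PKCS7 or "pkcs7" in proto:
        return "S/MIME"
    if ctype in ("multipart/signed", "multipart/encrypted") and "pgp" in proto:
        return "PGP"
    return None

def is_encrypted(msg):
    """True when the body is opaque to virus scanning and content filtering."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return True
    return ctype in PKCS7 and msg.get_param("smime-type", "enveloped-data") != "signed-data"

def all_hops_tls(msg):
    """True when every Received header records ESMTPS/ESMTPSA (RFC 3848)."""
    # Only hops stamped by MTAs you operate are trustworthy; earlier ones can be forged.
    hops = [WITH_RE.search(r) for r in msg.get_all("Received", [])]
    return bool(hops) and all(m and m.group(1).upper() in ("ESMTPS", "ESMTPSA") for m in hops)

def classify(raw):
    msg = email.message_from_string(raw)
    return {"end_to_end": end_to_end_model(msg),
            "gateway_can_scan": not is_encrypted(msg),
            "tls_on_every_hop": all_hops_tls(msg)}

def sample(with_kw, ctype):
    # Constructed message: one Received hop, placeholder body, example hosts.
    return (f"Received: from out.a.example by in.b.example with {with_kw} id 1; "
            "Tue, 19 Jul 2005 10:00:00 -0400\n"
            "From: alice@a.example\nTo: bob@b.example\nMIME-Version: 1.0\n"
            f"Content-Type: {ctype}\n\nplaceholder\n")

SAMPLES = {  # constructed inputs, one per model
    "smime": sample("ESMTP", 'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"'),
    "pgp": sample("ESMTPS", 'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"'),
    "plain": sample("ESMTPS", "text/plain; charset=us-ascii"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The "plain" sample is protected only hop by hop, so the gateway can still scan it; the two end to end samples are opaque to the gateway regardless of transport.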
Web Enabled Secure Messaging
- Variation #1
  - Sender deposits message in a secure web server, sends a URL link to recipient
  - Recipient opens a web browser, establishes SSL session, authenticates to server, reads message
- Variation #2
  - Sender encrypts message with a one-time use key, deposits key in a secure web server, sends encrypted message together with instructions to retrieve key
  - Recipient authenticates to server, retrieves key, reads message

Web Enabled Secure Messaging
- Procedures for issuing certificates, key distribution and authentication of senders and recipients vary by service provider
- Components of these systems are based on standards
- Examples: ZixCorp, PostX, HushMail

ZixCorp

PostX

HushMail

Co-existence and Interoperability
- Co-existence: ability to utilize existing SMTP infrastructure to send unsigned/unencrypted messages between users of different secure messaging models
- Interoperability: ability to send an encrypted or signed message between users of different secure messaging models

Importance of Interoperability
- "One size does NOT fit everyone"
- Lack of interoperability creates islands of secure messaging
- Lack of interoperability prevents growth of secure messaging
- Lessons Learned
  - Networking history history

Issues
- S/MIME, PGP, Web Enabled SMG
  - Certificate Interoperability
  - Certificate Exchange
  - Certificate validation
- S/MIME, PGP > Web Enabled
  - Transparent to senders but recipients may need credentials for multiple service providers
- In General
  - Establishing and maintaining trust
  - Patents

Call to Action

Secure Messaging Models
Russell W. Chung
earthlink.net