Message and Transport Security
Message security encompasses two main areas: message encryption (using cryptography to protect the message itself, end to end, from inspection by unauthorized parties) and transport encryption (using cryptography, such as TLS, to protect the discrete connections between components of the messaging system, one hop at a time).
Message encryption. Message security has clear implications for your DCAR solution. In particular, you need to consider the following questions:
- If you use Secure/Multipurpose Internet Mail Extensions (S/MIME), which Exchange supports, does your archiving solution support it?
- Does your archiving solution retain older certificates and their corresponding private keys (or integrate with a key-recovery process), so that you can still read email messages encrypted with them? A certificate issued at renewal can't decrypt mail that was enveloped for the previous one, and the certificate alone is not enough; you need the private key.
- How do you protect, back up, and restore whatever public key infrastructure (PKI) you use with S/MIME? (Although Pretty Good Privacy (PGP) isn't optimal for DCAR, if you use it, ask yourself how you'll protect, back up, and restore your users' PGP keyrings.)
- Can your policy-compliance software handle encrypted email messages? Content inspection can't see inside a message it can't decrypt.
- Are you required to protect message integrity through every hop of your network?
- Can attackers (whether internal or external) eavesdrop on unencrypted transport links?
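As an added example, not from the original article, the following shell script uses openssl to show why the archived-key question matters. It generates two self-signed certificates for the same mailbox to stand in for a certificate renewal, encrypts a message as S/MIME enveloped data for the first, and then shows that only the first certificate's private key can open the archived message. The mailbox name (alice@example.com), the file names, and the message text are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): why an archive must keep the
# OLD S/MIME private key, not just the current one. Two self-signed certs with
# the same subject model one mailbox before and after certificate renewal.
# Mailbox name, file names and message text are constructed for this demo.
set -eu

# make_cert DIR NAME: self-signed cert + private key standing in for one
# generation of a user's S/MIME certificate (same subject, different serial).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=alice@example.com" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# encrypt_to DIR CERTNAME PLAINTEXT OUTFILE: S/MIME enveloped data addressed
# to that certificate, which is what a sender's mail client would produce.
encrypt_to() {
  openssl smime -encrypt -aes256 -in "$3" -out "$4" "$1/$2.crt"
}

# can_decrypt DIR CERTNAME ENVELOPED NEEDLE: print OK if CERTNAME's private
# key opens the message and the plaintext contains NEEDLE, FAIL otherwise.
# -recip makes openssl select the recipient entry matching that certificate,
# as a mail client would; a renewed cert has a new serial and matches nothing.
can_decrypt() {
  if openssl smime -decrypt -in "$3" -inkey "$1/$2.key" -recip "$1/$2.crt" \
       -out "$1/$2.decrypted" 2>/dev/null \
     && grep -q "$4" "$1/$2.decrypted"; then
    echo OK
  else
    echo FAIL
  fi
}

# run_rollover_demo: encrypt a message to the 2004 certificate, "renew" to a
# 2005 certificate, and report which key can still read the archived message.
# Prints: renewed-key:FAIL archived-key:OK
run_rollover_demo() {
  dir=$(mktemp -d)
  make_cert "$dir" cert-2004
  make_cert "$dir" cert-2005
  printf 'Subject: Q3 forecast\n\nArchive me.\n' > "$dir/message.txt"
  encrypt_to "$dir" cert-2004 "$dir/message.txt" "$dir/message.p7m"
  renewed=$(can_decrypt "$dir" cert-2005 "$dir/message.p7m" "Archive me")
  archived=$(can_decrypt "$dir" cert-2004 "$dir/message.p7m" "Archive me")
  rm -rf "$dir"
  echo "renewed-key:$renewed archived-key:$archived"
}

run_rollover_demo
```

Run it with sh. Renewing a user's certificate, whichever CA issues it, doesn't re-encrypt the mailbox or the archive, so an archiving solution needs access to every private key the user has ever been issued, or a key-recovery process that can produce them, or those messages become unreadable for discovery.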
Exchange 2003 and Exchange 2000 come with strong support for S/MIME; the Exchange 2003 version of Outlook Web Access (OWA) extends this support to OWA users. However, the practical considerations of deploying and managing the requisite PKI, dealing with the content-inspection challenges, and archiving keys tend to make the use of S/MIME unattractive for most organizations unless they're required to use it (e.g., government Exchange deployments). . . .