Make your Emails Secure
Solutions to ensure email security
on the Internet
Contents
A simple fact about your emails
Possible options available
What can I do with Digital Certificates
What do I require
How do I setup security for my emails
Key escrow & government access to keys
List of certificate authorities
You should also know....
A Simple Fact About Your Emails
Normal emails sent on the internet can be easily viewed and tampered
by a third party.
Sending emails is actually like sending postcards by mail, where your
contents can be easily viewed and altered without your knowledge.
Email, like conversations, should be private.
But, as pointed out by the media on a daily basis, intercepting email
is far from difficult, given the right software and ingenuity. The text
of an email can be "stolen," as well as the valuable confidential documents
attached to an email. As more and more individuals use the Internet for
communication, more and more personal information is at risk.
Back to top
Possible Options Available
Two widely used technologies on the Internet for the purpose of security
are:
-
PGP (Pretty Good Privacy), and
-
Digital Certificates (also called digital passports, X.509 certificates,
or public-key certificates).
Back to top
What can I do with Digital Certificates
A Digital Certificate is the best guarantee of identity across the Internet
for the purpose of authentication, email encryption and email signature.
Think of Digital Certificates as the electronic equivalent of driver
licenses or passports that reside in your Internet browser and e-mail software.
They contain information that uniquely identifies you, and allow you to:
•Digitally sign a message so your recipient knows that a message really
came from you.
•Encrypt a message so your intended recipient can decrypt and read
its contents and attachments.
By digitally signing and encrypting your e-mail you can ensure that
your confidential messages and attachments are protected from tampering,
impersonation and eavesdropping.
Using your Digital Certificate easy with the point-and-click interfaces
in all of the popular browsers and e-mail packages.
Back to top
What do I require
Most modern web browsers, such as Microsoft Internet Explorer 3.x and
Netscape Navigator 3.x and later allow you to request a personal certificate
from Certificate Authorities and use it to authenticate yourself to a web
server. Certificate-based authentication is much stronger and more secure
than password-based authentication.
You can also use your Personal Certificate to secure your email communications.
Personal Certificates are trusted out of the box by all major S/MIME-compliant
secure mail clients, such as Microsoft Outlook Express and Netscape Communicator
4.x. S/MIME has been adopted by most messaging vendors as the leading mail
and messaging security standard.
Some Certificate Authorities do not charge a fee for a Personal
Certificate, and have your email address authenticated for S/MIME secure
email. Click here to view the list of Certificate Authorities..
Back to top
How do I setup security for my emails
-
Ensure that you have a S/MINE-compliant secure mail client, such as Netscape
Communicator 4.x or Microsoft Outlook Express.
Back to top
Key Escrow and Government Access to
Keys
Encryption and digital signatures are the only tools individuals have
in the fight to protect their online privacy. The security of this system
is based on the belief that the individual, and only the individual, has
a copy of the private key used for decryption and signature. However, in
an attempt to snoop on the communications of their citizens and those of
other countries, some governments have suggested that these private keys
should essentially be copied and held by law enforcement officials as well.
This is tantamount to handing over your house keys and the ability to sign
your name on a document.
We view with dismay recent attempts by the USA to mandate key escrow
and recovery. Such rules are both impractical and Orwellian. We strongly
encourage you to take what action you can to make your opinion on this
topic clear and public.
Back to top
List of Certificate Authorities that
issue Digital Certificates
Thawte Consulting
Thawte has representatives in 20 countries, providing first-class local
support and service. We offer personal certificates for SSL, S/MIME, and
Netscape code signing. Try Thawte's Freemail program at no charge.
VeriSign
VeriSign is the leading provider of digital authentication products
and services. The first commercial CA, VeriSign has issued Digital IDs
for almost every secure Internet server worldwide. Strict verification
and security practices, enforced through automated background checks and
state-of-the-art security systems, ensure the integrity of every VeriSign
Digital ID.
Società per i Servizi Bancari -
SSB S.p.A.
The Trusted Certification Authority. SSB provides highly secured X.509
v1 v3 certificates on behalf of banks for Internet clients and servers,
financial services, and electronic commerce.
Internet Publishing Services
IPS provides server, client, and object-signing certificates based on
SSL standards. Response time is 24 hours for Spain and South America. For
more information, send email to ips@mail.ips.es.
Certisign Certification Digital
Ltda
The Brazilian Certificate Authority. With strong identity-checking procedures,
Certisign issues only high-assurance X.509 digital IDs for SSL-compliant
servers and clients.
BelSign
BelSign International, with local registration offices across Europe,
provides a range of digital certificates to Internet clients and servers
based on strict verification practices. Free demo certificates are available.
Back to top
Netscape Communicator's Security Terms
and Concepts...
This section describes terms and concepts you must know in order to
make your system and correspondence more secure.
About Electronic Security
Electronic security requires that
-
No unauthorized person can access data transmitted to or from you.
-
No unauthorized person can, without detection, forge your identity or the
identity of anyone whose certificate you hold.
-
No unauthorized Java applet can access your computer, and authorized Java
applets can only access your computer to an extent to which you approve.
While you cannot always ensure your communications are secure, you can
use certificates, encryption, and the Security Info window to make it less
likely you or others compromise security.
About Certificates and Digital Signatures
A certificate is an tamper-resistant file that identifies the individual
to whom it is issued and that provides you with tools so you can better
secure communications with others.
A certificate's contents depend on level of certificate it is. A basic
certificate contains:
-
The name the owner gave the signing authority.
-
A digital signature unique to the owner
-
A public key to match the owner's private key
-
A signature from the signing authority that issued the certificate.
You collect and distribute certificates when you send and receive signed
messages.
About Encryption
Encryption is scrambling information through the use of a public key,
which is included in a certificate you collect from a correspondent.
When you encrypt an outgoing message, you use your recipient's public
key to scramble the message in such a way that only your intended recipients,
can unscramble the message. Specifically, a recipient's certificate contains
a public key.
A correspondent uses your certificate in the same way when encrypting
messages to you. You cannot read an encrypted message or display
an encrypted web page without decrypting it.
To encrypt a message, you must have a valid certificate from each and
every recipient in the
message's address list. You cannot encrypt the message for only selected
recipients.
About Decryption
Decryption is unscrambling encrypted information transmitted to you.
When you open an encrypted message or connect to an encrypted web page,
you use
your private key to decrypt and display the message or web page contents.
You cannot read an encrypted message or display an encrypted web page
without decrypting it. You cannot decrypt messages or web pages:
-
encrypted with a certificate other than the one matching the one you own
-
on computers other than the one you used to obtain your certificate (unless
you export your certificate from your original computer and import it into
the computer you are currently using)
-
after the expiration date shown on your certificate
Keep your certificates and computer safe. Anyone accessing your certificates
or key database on your computer can decrypt your messages and sign outgoing
messages.
About Public and Private Keys
When you obtain your certificate for a signing authority, you generate
public and private keys:
-
A private key is an decryption code Communicator generates when you obtain
a certificate from an certificate issuer (signing authority). Communicator
stores your private key in your key database and uses it to decrypt information
encrypted with your public key.
-
A public key is an encryption code Communicator generates and stores in
your key database and includes it with your digital signature when you
sign an outgoing message or some other object you can sign and send. Whomever
receives and stores your public key can encrypt and send information to
you.
About Certificate Signers
Certificate signers are the companies or organizations that issue and
authorize certificates. You can use the Security Info
window to contact signers of certificates you hold. You can contact
signers when you need to obtain a certificate for yourself, update certificates,
and validate certificates.
Use the Signers,Certificate panel to view a list of certificate issuers
you can contact.
About Encrypted Web Pages
A server can encrypt a web page when transmitting the page data to your
browser. Your browser decrypts the message just before displaying it for
you. After receiving, decrypting, and viewing the page, it resides on your
computer in its unencrypted form.
Use the Navigator panel to configure your defaults for accessing encrypted
web pages.
Use the Security Info panel to display information about an encrypted
web page you are connecting to.
Use the Web Sites Certificates panel to display information about certificates
you have already accepted from Web sites.
About Encrypted Messages
Your Inbox receives and stores encrypted messages in their encrypted
state. You decrypt messages only when you open them.
Follow these rules in order to keep access to your messages uninterrupted:
-
Ensure you own a valid certificate.
-
Ensure recipients have your updated certificate.
-
Do not move your certificate from the computer used to obtain your certificate,
unless you export your certificate to other computers you use, and import
the certificate from each of those computers.
-
Do not forget your password.
-
Be prompt in updating expired certificates.
Back to top
COMMENTS? ARTICLES? Any comments or suggestions
are very much appreciated.
Please write in to ALLAN.LOW@GEOCITIES.COM
You are visitor number 
*Page
Last Updated on January 6, 1999