none
How is it possible for e-mail encryption to be secure when using a CA?

    Question

  • How is it possible for e-mail encryption to be secure when using a CA?  I started into the process, and they wanted to know my E-mail address, and then THEY were going to install it in my machine so I could use it with my Outlook.  One BIG problem with that scenario is, unlike when doing a CSR request, the CA has everyone's private key.  I assume from that this is what forms the profit motive behind free e-mail certificates.  Tell me where I'm wrong?
    Thursday, July 25, 2013 10:42 PM

Answers

  • Hi,

    In such scenarios we would suggest you to check with CA authorities and have your doubts cleared. Microsoft here has no role to play. We can troubleshoot Technical Issues here at Microsoft. But anything regards to security or integrity you need to contact the CA and sort the issue related to confidentiality of the emails

    Hope this helps

    Tuesday, August 06, 2013 3:35 AM

All replies

  • What's the type of email account you are using? Exchange, POP3, IMAP or live account?

    Are we talking about using IRM for e-mail messages?

    http://office.microsoft.com/en-us/outlook-help/introduction-to-using-irm-for-e-mail-messages-HA010100366.aspx

    A bit more information about your exact steps how you got to this point would be helpful.

    Cheers,
    Tony Chen
    Forum Support
    ________________________________________
    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback on our support, please contact tnmff@microsoft.com.

    Sunday, July 28, 2013 2:54 AM
  • Hi,

    Just checking in to see if the information was helpful. Please let us know if you would like further assistance.

    Cheers,
    Tony Chen
    Forum Support
    ________________________________________
    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback on our support, please contact tnmff@microsoft.com.

    Wednesday, July 31, 2013 4:46 AM
  • POP3, no IRM.  However, I don't believe that matters with regard to E-mail certs.  The point is, unlike regular certs, the CA is doing the install WITHOUT a CSA being generated from a private key that I only have access to.  If that's the case, I must be getting the private key and cert from the CA, which means they have both the private and public key, meaning others can easily read the encrypted messages without my knowledge.
    Wednesday, July 31, 2013 1:21 PM
  • Hi,

    In such scenarios we would suggest you to check with CA authorities and have your doubts cleared. Microsoft here has no role to play. We can troubleshoot Technical Issues here at Microsoft. But anything regards to security or integrity you need to contact the CA and sort the issue related to confidentiality of the emails

    Hope this helps

    Tuesday, August 06, 2013 3:35 AM