Person-to-Person Key Exchange
Person-to-Person Key Exchange (PPKE) is new in Exchange 5.0. This feature
lets people send a certificate containing their public keys to users in another
Exchange organization, as shown in Screen 9. After organizations exchange keys,
they can exchange encrypted messages. Users can hold the key information in a
personal address book (PAB), but keeping it there renders it static data. If a
certificate is revoked or altered, Exchange does not automatically replicate the
change to PABs; mail encryption stops.
Third-Party Security Products for Exchange
Exchange's advanced security features provide all the protection most users
need. However, some users require even better security, and that's where
third-party security extensions can help. People usually use third-party
extensions to get two kinds of security features: algorithms that are harder to
break and the ability to exchange key information with people who don't use
Exchange.
As I noted earlier, Exchange supports 40-bit, 56-bit, and 64-bit encryption
algorithms. However, because of US government restrictions, the 40-bit algorithm
is the only one available to someone like me, who doesn't live in the US
or Canada. I'd like my mail to be as secure as anyone else's; however, data
encrypted with a 40-bit key can be decrypted with less effort than you might
imagine. The basic rule of encryption is that the longer a key is, the harder it
is to break. Until Microsoft opts to exploit its new license to use 128-bit
encryption inside Exchange, anyone outside the US or Canada who wants highly
secure mail must look beyond Exchange advanced security.
Third-party security products belong to one of two camps: products that
depend on a CA similar to the one Exchange uses and products that use public and
private key pairs and rely on personal administration and distribution of the
keys. The best-known example of the second approach is Pretty Good Privacy
(PGP). The CA style provides the basis for almost all SSL and other Web-based
security today, because managing security is easier when you have a central
point of reference. Personally distributing keys is difficult to manage in a
large-scale or distributed enterprise, and the system relies heavily on user
cooperation and knowledge.
More and more products appear in this space all the time, and notable
recent arrivals include MailSecure for Exchange (Baltimore Technologies) and
Secure Messenger for Exchange (Deming Software). Both products are plug-ins to
the Exchange or Outlook MAPI clients and add security options to the client
menus. Both products use the Secure MIME (S/MIME) protocol to send encrypted
messages between users of any mail system that supports S/MIME. Of course,
any public and private key scheme works only when users make their public keys
available to their intended correspondents, so both MailSecure and Secure
Messenger can generate and distribute keys, much like the PPKE feature in
Exchange. The combination of S/MIME support and the ability to distribute keys
makes these keys well-suited for a heterogeneous messaging environment or for
implementing advanced security between two Exchange organizations.
MailSecure is especially interesting for installations outside the US
because the encryption algorithms did not originate in the US, and therefore,
the US government cannot restrict them. Instead of the 40-bit algorithm Exchange
currently offers, MailSecure uses a 128-bit algorithm, which provides a huge
increase in security. A CA is available for MailSecure (UniCERT). The CA is an
important component of a secure mail system, so its availability is an important
plus for MailSecure.
These products aren't the only offerings on the market. Entrust
Technologies' Entrust/Express extension for both Exchange and Outlook clients is
in beta testing. A browse through the Exchange mailing list reveals a number of
PGP extensions for Exchange. Most of these extensions are shareware or freeware,
but commercial products based on PGP are also appearing.
Third-party security plug-ins cost money. Expect to pay between $50 and
$100 per license, depending on the quantity you buy. Inevitably, you will face
some questions about buying third-party software when Exchange provides advanced
security in the base product, so be ready to justify your decision. Also, keep
in mind that client technology evolves; make sure that your selected vendor is
able and willing to keep its software up-to-date. Be sure to factor the cost of
upgrades into your decision.
Plan Before You Deploy
We've covered a lot of ground in this article, and I hope you can use the
information to fine-tune your organization's security or help you decide
how to best deploy secure mail in your enterprise. The important thing to
remember is to plan first before plunging into deployment.