Email encryption and signing

[Phal]

I looked into this a while back for a customer and found it was a bit of a pain to setup encryption for Exchange 2003 and also saw that Exchange 2007 and 2010 were a lot better at this.

Fast forward a year or two and now we have a few other customers who have a requirement for email encryption and signing rather than just encryption.

This requirement has come as a result of them dealing with the same company and this company has stipulated a method that involves invidual certificates being needed for each user that will be emailing them.

Is this a commonplace thing? Individual certificates seems like a pain in the ass but I guess if they absolutely require individual signing then I guess individual certificates are a must?

 

[Phal]

Yeah they've specified some particular certificate issuers we should use so they are compatible etc and the individual certs are $20 a year from there.

Individual certs just seems to be a daft way to do this kind of thing :/ I'm just wondering whether this is the norm for people who want emails signed/encrypted etc.

I've dealt with TLS encryption before between Exchange servers and that made sense to me. Exchange 2007/2010 supports TLS quite nicely now but 2003 was a bit of a pain. Faffing around with individual certs just seems like a crap way to do things lol

 

[Phal]

Yeah, the TLS encryption I've setup in the past was really to make sure messages going to external sources were encrypted.

Surely encryption using signed 3rd party certificates for TLS provides a fairly good level of authentication? Servers need to authenticate with each other before they will communicate?

The only thing I'm not sure about is whether Outlook can keep messages secure before they reach the Exchange server :/

Guess I need to do some research! In any case it seems that we will need to follow the instructions/methods they have specified for this case but invidual certificates seems like a lolkebab way of making work for yourself