Re: Outlook 98 Security "Feature"

From: Jason Witty (jasonat_private)
Date: Thu Jan 21 1999 - 14:23:58 PST

Next message: mnemonix: "Follow up - IIS 4 logging"

Previous message: Phil Stracchino: "Re: Sendmail 8.8.x/8.9.x bugware"
Maybe in reply to: Todd Beebe: "Outlook 98 Security "Feature""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have noticed this same type of behavior using Outlook '98 and a
Verisign Personal Certificate.  If, however, you do the following, it
will encrypt the reply:

1) Ensure the recipient is listed in your local contacts folder, and
that you have their public key (certificate).
2) When replying, erase the TO: field.
3) Click on the TO: button and change the "Show names from the:" box to
read "Contacts".
4) Select that person's alias form the local contacts folder, and click
the "To->" button.
5) Send the message

I realize this is highly "cludgy", but it seems to work.  Hopefully
Micro$oft really IS working on a fix..........

Jason

Paul Leach wrote:
>
> > -----Original Message-----
> > From: Todd Beebe [mailto:toddat_private]
> > Sent: Saturday, January 16, 1999 6:57 PM
> > To: BUGTRAQat_private
> > Subject: Outlook 98 Security "Feature"
> >
> >
> > The basic problem is "replying to an encrypted email fails".
> > Heres what I
> > initially sent to Microsoft on Sept. 11, 1998
> >
> > ***Start incident to Microsoft***
> >
> > After successfully receiving incoming email which is signed and
> > encrypted(Using Verisign Certificates on both ends), the
> > following error
> > dialog box appears when trying to send the reply(default
> > action is to both
> > sign/encrypt outbound email):
> >
> >   ERROR: Non-Secure Recipients
> >
> >   None of the recipients can process an encrypted message.
> > You can either
> > proceed with an unencypted message or cancel the operation.
> >
> >   [Don't Encrypt Message] [Cancel]
> >
> > ***End incident to Microsoft***
> >
> > I don't think an encrypted email that I receive, should be
> > unencrypted when
> > I reply, and require me to Forward the reply to any and all
> > recipients.
> > Shouldn't the default be to encrypt all replies to encrypted email?
>
> Since the error message from Outlook means that it can't find the keys of
> any of the recipients in order to encrypt the reply, exactly _how_ do you
> expect it to do so?
>
> It appears that Outlook indeed wants to encrypt the reply, as you desire,
> and can't. So, there may be a bug here, but I seriously doubt that it is
> what you claim.
>
> Paul

Next message: mnemonix: "Follow up - IIS 4 logging"
Previous message: Phil Stracchino: "Re: Sendmail 8.8.x/8.9.x bugware"
Maybe in reply to: Todd Beebe: "Outlook 98 Security "Feature""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:47 PDT