When you connect to a website, your browser sets up a single connection, called a channel, between your machine and the web server. Because that channel runs end to end between the two parties, securing the connection is relatively simple: all you have to do is secure that one channel, which is what HTTPS does.

Email security is entirely different and much harder to set up. The problem is that an email message has no direct link from the sender to the recipient. Instead, it is handed from one Simple Mail Transfer Protocol (SMTP) server to the next, usually hopping through several servers before it reaches its final destination, and each of those servers sees the whole message. Combine this with the open and well-documented email standards used on the Internet, and you end up with three email security issues:
Privacy— Because messages pass through other systems and are often stored, at least briefly, on a relay's hard disk, anyone with the requisite know-how and access to that relay can read them.

Tampering— Anyone who can read a message as it passes through a relay can just as easily change its text before passing it on.

Authenticity— With the Internet email standards an open book, it isn't difficult for a savvy user to forge or spoof an email address, because nothing in plain SMTP checks that the From address is genuine.
The tool for solving these issues is encryption. When you encrypt a message, an encryption algorithm scrambles the message content to make it unreadable. The algorithm takes a key value as its second input, and to unscramble the message the recipient feeds the same key into the matching decryption algorithm.

Such single-key (symmetric) encryption works, but its major drawback is that both the sender and the recipient must have the same secret key, and they need some secure way to agree on it before the first message is sent. Public-key encryption overcomes that limitation by using two related keys: a public key and a private key.
The public key can be given to anyone, either by sending it to them directly or by publishing it in an online key database. The private key is kept secret on the user's computer and is never sent to anyone. Here's how public-key cryptography addresses the three issues discussed earlier:
Privacy— When you send a message, you obtain the recipient's public key and use it to encrypt the message. Only the recipient's private key can decrypt it, so anyone who reads it on a relay sees only ciphertext. (In practice, S/MIME encrypts the body with a one-time symmetric key and uses the recipient's public key only to encrypt that key, which is faster and has no message-size limit.)

Tampering— Encryption by itself does not stop tampering. A relay that cannot read the message can still replace it, because the recipient's public key is public and anyone can encrypt a message to him. What catches changes is the digital signature: the sender signs a cryptographic hash of the message text, so any change to the text, however small, makes the signature fail to verify.

Authenticity— When you send a message, you use your private key to digitally sign the message. The recipient uses your public key to check the signature. Because only your private key could have produced it, the message must have come from you (or from whoever holds your private key, which is why it has to stay secret).
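The three properties above, as an added example in Go using only the standard library (this is not code from the original page): alice signs with her private key and encrypts to bob's public key; bob decrypts with his private key and verifies with alice's public key, which he is assumed to already hold. The "tamper" case has the relay replace the ciphertext with its own text encrypted to bob, which encryption alone does not catch; the "spoof" case has a third party sign with her own key while claiming to be alice. The names, the message text and the relay are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sealMessage is the sender's side of the scheme: sign with the sender's own
// private key (RSA-PSS over SHA-256), then encrypt with the recipient's public
// key (RSA-OAEP). OAEP caps the text at 190 bytes for RSA-2048; S/MIME avoids
// that by encrypting a random AES key this way and the body with AES.
func sealMessage(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) (ct, sig []byte, err error) {
	digest := sha256.Sum256(msg)
	if sig, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil); err == nil {
		ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
	}
	return ct, sig, err
}

// openMessage is the recipient's side: decrypt with its own private key, then
// verify the signature with the sender's public key. Any change to the text
// changes the digest, so the signature no longer matches.
func openMessage(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature: %w", err)
	}
	return msg, nil
}

// roundTrip sends one constructed message from alice to bob through a relay.
// attack "" delivers it intact; "tamper" has the relay replace the ciphertext
// with its own text encrypted to bob (bob's public key is public, so it can);
// "spoof" has mallory sign with her own key while claiming to be alice.
// bob is assumed to already hold alice's genuine public key.
func roundTrip(attack string) (string, error) {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	signer := alice
	if attack == "spoof" {
		signer, _ = rsa.GenerateKey(rand.Reader, 2048) // mallory's key
	}
	ct, sig, err := sealMessage(signer, &bob.PublicKey, []byte("Wire $5,000 to account 42"))
	if err != nil {
		return "", err
	}
	if attack == "tamper" {
		ct, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, &bob.PublicKey, []byte("Wire $5,000 to account 666"), nil)
	}
	msg, err := openMessage(bob, &alice.PublicKey, ct, sig)
	return string(msg), err
}

func main() {
	for _, attack := range []string{"", "tamper", "spoof"} {
		msg, err := roundTrip(attack)
		fmt.Printf("attack=%q text=%q err=%v\n", attack, msg, err)
	}
}
```

Run as is, the honest delivery returns the text and no error, while both attacks decrypt cleanly (the relay's substitute is a valid encryption to bob) and then fail the signature check, which is the point: privacy comes from the encryption, but integrity and authenticity come from the signature.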
The remaining problem with public-key encryption is how the recipient gets the sender's public key and knows that it really belongs to the sender. The sender can't just attach the key to the message, because an impostor could attach his own key just as easily. Fetching the key from an online database avoids that, but it is inconvenient. A digital ID solves this. It is a digital certificate in which a certifying authority (CA) that the recipient's software already trusts vouches, with its own signature, that a particular public key belongs to a particular email address. The sender can then include the certificate, and with it his or her public key, in outgoing messages; the recipient checks the CA's signature on the certificate instead of having to trust the key on its own.
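How a digital ID lets the key travel inside the message, as an added example in Go using only the standard library (not code from the page): a hypothetical certifying authority named Example Mail CA issues a certificate binding alice's public key to alice@example.com, and the recipient, who trusts only that CA, checks a certificate that arrives in a message against it and against the claimed From address. The rogue CA, the addresses and the key material are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA is the certifying authority: a self-signed certificate (hypothetical
// name) whose public key the recipient's mail client is assumed to trust.
func newCA(name string) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// issueDigitalID is the CA vouching for a user: it signs a certificate that
// binds the user's public key to one email address and marks it for email use.
func issueDigitalID(caPriv *rsa.PrivateKey, caCert *x509.Certificate, userPub *rsa.PublicKey, email string) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: email},
		EmailAddresses: []string{email}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	return x509.CreateCertificate(rand.Reader, tmpl, caCert, userPub, caPriv)
}

// senderKeyFromDigitalID is the recipient's check when a certificate arrives
// inside a message: a CA it trusts must have signed it, it must be valid for
// email protection, and it must name the address the mail claims to be from.
// Only then is the public key inside accepted as the sender's.
func senderKeyFromDigitalID(certDER []byte, trustedCA *x509.Certificate, claimedFrom string) (*rsa.PublicKey, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("digital ID not trusted: %w", err)
	}
	for _, addr := range cert.EmailAddresses {
		if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && addr == claimedFrom {
			return pub, nil
		}
	}
	return nil, fmt.Errorf("digital ID does not vouch for %s", claimedFrom)
}

// checkArrivingID runs that check for three constructed cases and reports
// whether each certificate was accepted for the claimed From address.
func checkArrivingID() (map[string]bool, error) {
	caPriv, caCert, err := newCA("Example Mail CA")
	if err != nil {
		return nil, err
	}
	rogueCAPriv, rogueCA, err := newCA("Rogue CA")
	if err != nil {
		return nil, err
	}
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)
	aliceID, _ := issueDigitalID(caPriv, caCert, &alice.PublicKey, "alice@example.com")
	forgedID, _ := issueDigitalID(rogueCAPriv, rogueCA, &mallory.PublicKey, "alice@example.com")
	results := map[string]bool{}
	// genuine ID presented for the address it names
	pub, err := senderKeyFromDigitalID(aliceID, caCert, "alice@example.com")
	results["genuine"] = err == nil && pub.Equal(&alice.PublicKey)
	// genuine ID presented with a From address it does not name
	_, err = senderKeyFromDigitalID(aliceID, caCert, "bob@example.com")
	results["wrong address"] = err == nil
	// ID for alice's address, but issued by a CA the recipient does not trust
	_, err = senderKeyFromDigitalID(forgedID, caCert, "alice@example.com")
	results["untrusted CA"] = err == nil
	return results, nil
}

func main() {
	results, err := checkArrivingID()
	fmt.Println(results, err)
}
```

Only the genuine case is accepted. The two rejections are the ones that matter in practice: a certificate from an authority the recipient does not trust proves nothing even if it names the right address, and a perfectly valid certificate proves nothing about a From address it does not name, which is why a mail client must compare the two rather than merely check that the certificate chains to a trusted root.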
Setting Up an Email Account with a Digital ID
To send secure messages using Windows Live Mail, you first have to obtain a digital ID. Here are the steps to follow:
1. In Windows Live Mail, click Menus (or press Alt+M), and then click Safety Options to display the Safety Options dialog box.
2. Display the Security tab.
3. Click Get Digital ID. Internet Explorer loads and takes you to the Microsoft Office Marketplace digital ID page on the Web.
4. Click a link to the certifying authority (such as VeriSign) you want to use.
5. Follow the authority's instructions for obtaining a digital ID. (Note that digital IDs are not free; they typically cost about $20 per year.)
With your digital ID installed, the next step is to assign it to an email account:
1. In Windows Live Mail, press Alt to display the menu bar, then select Tools, Accounts to open the Internet Accounts dialog box.
2. Select the account you want to work with and then click Properties. The account's property sheet appears.
3. Display the Security tab.
4. In the Signing Certificate group, click Select. Windows Live Mail displays the Select Default Account Digital ID dialog box.
5. Make sure to select the certificate that you installed and then click OK. Your name appears in the Security tab's first Certificate box.
6. Click OK to return to the Internet Accounts dialog box.
7. Click Close.
Tip
To make a backup copy of your digital ID, open Internet Explorer and select Tools, Internet Options. Display the Content tab and click Certificates to see a list of your installed certificates (be sure to use the Personal tab). Click your digital ID and then click Export. When the export wizard asks, choose to export the private key as well and protect the resulting .pfx file with a strong password: a backup that contains only the public certificate cannot sign or decrypt anything, while a .pfx that holds your private key lets anyone who obtains it sign mail in your name and read mail encrypted to you, so store it somewhere safe.