[9095] in bugtraq

Outlook 98 Security "Feature"

daemon@ATHENA.MIT.EDU (Todd Beebe)
Sun Jan 17 23:52:03 1999

Date: 	Sat, 16 Jan 1999 20:57:17 -0600
Reply-To: Todd Beebe <todd@INTERNETWORKING.COM>
From: Todd Beebe <todd@INTERNETWORKING.COM>
To: BUGTRAQ@NETSPACE.ORG

I have spent the last 4 months with Microsoft Support trying to resolve this
issue with no success, so I am forwarding it to Bugtraq for review.

The basic problem is "replying to an encrypted email fails".  Here's what I
initially sent to Microsoft on Sept. 11, 1998:

***Start incident to Microsoft***

After successfully receiving incoming email which is signed and
encrypted (using Verisign Certificates on both ends), the following error
dialog box appears when trying to send the reply (default action is to both
sign/encrypt outbound email):

  ERROR: Non-Secure Recipients

  None of the recipients can process an encrypted message. You can either
proceed with an unencypted message or cancel the operation.

  [Don't Encrypt Message] [Cancel]

***End incident to Microsoft***

After months of no answer, or "Closed by Microsoft Support Engineer", when
the case was still open, here's Microsoft's response:

***Start Microsoft Reply***

I have researched this issue. The replies are not encrypted in order to
preserve the security level of the messages. You have to use Forward and
re-select the contact to send an encrypted e-mail. This also occurs with the
current build of Outlook 2000.

I can submit this as a "wish," but right now this is a "by design" issue.

***End Microsoft Reply***


I don't think an encrypted email that I receive should be unencrypted when
I reply, and require me to Forward the reply to any and all recipients.
Shouldn't the default be to encrypt all replies to encrypted email?

Is this the standard with other email packages using encryption?
