[9159] in bugtraq
Re: Outlook 98 Security "Feature"
daemon@ATHENA.MIT.EDU (Paul Leach)
Thu Jan 21 16:54:22 1999
Date: Thu, 21 Jan 1999 10:47:46 -0800
Reply-To: Paul Leach <paulle@MICROSOFT.COM>
From: Paul Leach <paulle@MICROSOFT.COM>
X-To: Todd Beebe <todd@INTERNETWORKING.COM>
To: BUGTRAQ@NETSPACE.ORG
> -----Original Message-----
> From: Todd Beebe [mailto:todd@INTERNETWORKING.COM]
> Sent: Saturday, January 16, 1999 6:57 PM
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Outlook 98 Security "Feature"
>
>
> The basic problem is "replying to an encrypted email fails".
> Heres what I
> initially sent to Microsoft on Sept. 11, 1998
>
> ***Start incident to Microsoft***
>
> After successfully receiving incoming email which is signed and
> encrypted(Using Verisign Certificates on both ends), the
> following error
> dialog box appears when trying to send the reply(default
> action is to both
> sign/encrypt outbound email):
>
> ERROR: Non-Secure Recipients
>
> None of the recipients can process an encrypted message.
> You can either
> proceed with an unencypted message or cancel the operation.
>
> [Don't Encrypt Message] [Cancel]
>
> ***End incident to Microsoft***
>
> I don't think an encrypted email that I receive, should be
> unencrypted when
> I reply, and require me to Forward the reply to any and all
> recipients.
> Shouldn't the default be to encrypt all replies to encrypted email?
Since the error message from Outlook means that it can't find the keys of
any of the recipients in order to encrypt the reply, exactly _how_ do you
expect it to do so?
It appears that Outlook indeed wants to encrypt the reply, as you desire,
and can't. So, there may be a bug here, but I seriously doubt that it is
what you claim.
Paul
