[9166] in bugtraq
Re: Outlook 98 Security "Feature"
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Fri Jan 22 12:59:13 1999
Date: Thu, 21 Jan 1999 17:02:22 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To: Paul Leach <paulle@MICROSOFT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Thu, 21 Jan 1999 10:47:46 PST."
<CB6657D3A5E0D111A97700805FFE65875D7E04@RED-MSG-51>
--==_Exmh_1954492262P
Content-Type: text/plain; charset=us-ascii
On Thu, 21 Jan 1999 10:47:46 PST, you said:
> > From: Todd Beebe [mailto:todd@INTERNETWORKING.COM]
> > After successfully receiving incoming email which is signed and
> > encrypted(Using Verisign Certificates on both ends), the
> Since the error message from Outlook means that it can't find the keys of
> any of the recipients in order to encrypt the reply, exactly _how_ do you
> expect it to do so?
Now, I may mis-understand public key encryption, but..
If it was *signed* and *encrypted* both, that means it was encrypted
with the other person's private key to sign, then your public key to
encrypt.
You then decrypt with your private key, and verify signature with the
other person's public key. If it was received correctly, you must
have both of these keys.
So why don't we have our private key and the other person's public key
when it comes time to send an ecrypted/signed reply?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_1954492262P
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
iQCVAwUBNqej7dQBOOoptg9JAQGofQQAwCZ/b+KWSH7eFQpfEFZsB0UFMywGzWzD
pZhT48sTziin3DelRUIIJdSOs05lWa1lw6S8wlIiluuFzzUNQ74tzzb4mo2J7iKh
uRaHz9+xwWwC0rxbIm7xe6B+yVDFOs0r6ld0ahgxQ4s1F80Xwf3ZCOPENlxl3x6n
j6uHhFgprPs=
=eeS1
-----END PGP MESSAGE-----
--==_Exmh_1954492262P--
