A question about Advanced Security infrastructure with Exchange Server

[krish shenoy[MS]]

There are two aspects of using certificates for SMIME. Signing email and
encrypting email.
The following article describes using Win2k CA with exchange
http://www.microsoft.com/technet/tr...ge/exchange2000/maintain/optimize/win2kms.asp

 

[-]

Hi to All,



I have running up a CA Server on Win2k SP3 and KM on Exch. 5.5 SP3 server,
which is seems working well ( I didn't found a way to publish the
certificates to AD as well), and client Outlook 2000 SP3 + Security patch.



And here is the scenario:



1. Users A, B and C are members of the Domain Users of the Domain.



2. User A is sending an encrypted and signed message to User B.



3. User B can open the message using his key, then by "Save as" export that
message.



4. User C is taking the message and using his key can open it ?!?



As far as I'm understanding, the main idea of the certificates is to ensure
that the message sent to exact person can be open only from him and he can
be sure that message is sent from that other one.



Any suggestion will be highly appreciated.