Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signing and Encrypting Email With the Thawte Web of Trust CSU Professional Development Institute January 8, 2009 Steve Lovaas.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Signing and Encrypting Email With the Thawte Web of Trust CSU Professional Development Institute January 8, 2009 Steve Lovaas."— Presentation transcript:

1 Signing and Encrypting Email With the Thawte Web of Trust CSU Professional Development Institute January 8, 2009 Steve Lovaas

2 Why are we here? We need to send sensitive information  Interception and eavesdropping are possible  Want to control who can read our messages We want to give assurance of what we send  Phishing and other fraud is common  Want to be more sure of who sent a message

3 What are the possibilities? Symmetric encryption  We both share a password or “shared secret”  Old tactic  OK as long as the key stays secret  But how to transfer the keys safely? Asymmetric encryption  A pair of keys that share a mathematical relation  Publish one (public), keep the other secure (private)  Public keys used in certificates

4 Symmetric Encryption

5 Asymmetric/Public Key Encryption …and signing is just the reverse process…

6 The Issue with Public Key Encryption Trust  Do you trust someone enough to store the public keys and keep them safe?  More important, how does the storing entity know it can trust that you are who you say you are? (Why should it grant you a key pair?)

7 Options for Public Key Encryption Pay a commercial PKI vendor ($$$) Run our own PKI (but who would trust us?) Use a Web of Trust  Distribute who can make identity assertions  Thawte is a company that does this  It’s free!  We have multiple Thawte notaries at CSU

8 The Thawte Web of Trust Sign up for an account with Thawte  Can get a free email cert that claims you are a “Thawte freemail member” Gain enough identity assertion points from registered Thawte notaries that Thawte feels it can trust who you are  Can get a free email cert that claims you are YOU (by name)

9 Will it work on… YES:  CSU central Exchange  College Exchange servers  CSU central UNIX servers with IMAP client (Windows, Mac, Linux)  College IMAP server NO:  Webmail  Exchange OWA  Google mail (yet)

10 The 5 Steps: 1-2 (here today) 1. Sign up for an account with Thawte 2. Visit at least two notaries for assertions We’ll get this far today. The rest is dependent on your particular OS and mail client, so is best done at your desk.

11 Steps 3-5 (back at your desk) 3. Request an email certificate from Thawte (You have a step-by-step handout of these directions) 4. Install the certificate on your computer (directions depend on your email client, help is available on the ACNS web site) 5. Distribute the public key to the people with you want to sign/encrypt messages (either publish to the Global Address List or send manually- help available on the ACNS web site)

12 Need Help? Call me at 297-3707 Email me at Steven.Lovaas@ColoState.EDUSteven.Lovaas@ColoState.EDU Come by my office at 601 South Howes We want this to work for you!

Download ppt "Signing and Encrypting Email With the Thawte Web of Trust CSU Professional Development Institute January 8, 2009 Steve Lovaas."

Similar presentations

SCSC 455 Computer Security

SCSC 455 Computer Security
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Tony BrettOUCS Course Code ZAB 9 February 2004 E-Mail Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Tony BrettOUCS Course Code ZAB 9 February Security – Encryption and Digital Signatures Tony Brett Oxford University Computing Services February.

Similar presentations

Ads by Google