ES2ES

Ubiquitous end-to-end secure email

General Description

It seems reasonable in today's high-tech environment to assume that messages are exchanged securely. They are not. The vast majority of email still lies unencrypted on servers, and only recently has there been interest in protecting it during transfer between servers. Why?

Encryption technology is relatively mature and widely available. It has been part of many popular email packages since 1999, based on the S/MIME protocol. Turning this feature on ensures that a message, whether in transit or lying on an intermediate server waiting for transfer, cannot be read by anyone other than its intended recipient. The reason this feature is not on by default lies in key management. Briefly, in order to send an encrypted message to a particular recipient, you need to have their key. These keys may be exchanged between users beforehand or looked up on a server. Universal secure message exchange would require this server to hold keys for every Internet user on the planet, a technical, security, and political impossibility. Hence we have not seen secure email by default.

However, there is one "database" that every device on the Internet is already connected to: the DNS. It is distributed and scalable, and with DNSSEC, secure. Publishing keys in the DNS therefore solves the key distribution problem. The last remaining hurdle is getting email packages to look up a recipient's key in the DNS and validate it with DNSSEC. This is where our ES2ES software comes in: it converts between email address book and DNS formats and validates the results with DNSSEC.
Installing ES2ES

ES2ES is now a Windows Service, so after installation it runs automatically at startup. Just configure Outlook as follows.

Configuring Outlook to use ES2ES

1. FILE -> Account Settings -> Account Settings
2. Address Books -> New -> LDAP -> Next
3. Server Name = 127.0.0.1, then Next, OK, Finish
4. The 127.0.0.1 address book is now visible. Close and restart Outlook.

For the DNS/email hoster: Adding S/MIME certificates to your DNSSEC-secured DNS
More about ES2ES

ES2ES is basically a miniature Lightweight Directory Access Protocol (LDAP) server that runs locally on your machine. Applications like Microsoft Outlook can query ES2ES directly for information that is otherwise unavailable and/or unsecured. Currently ES2ES is used to look up S/MIME certificates in the public DNS (secured with DNSSEC) for email. This removes one of the primary barriers to the widespread use of secured email, namely certificate distribution. With ES2ES installed I can send encrypted email, without a prior exchange of certificates, to anyone who has published their certificate in the DNS using IETF RFC 6698. Since ES2ES has its own Windows-native, multi-threaded I/O DNSSEC validator, the lookups are fast and secured end-to-end, from the email source machine to the destination machine. ES2ES translates the LDAP ASN.1-style requests into equivalent DNS lookups and validates the responses using DNSSEC.
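The address-to-DNS conversion described above, as an added example that is not ES2ES's own code: it derives the DNS owner name for an email address, builds the certificate record a DNS hoster would publish, and performs the match a client makes against the certificate it receives. The naming and record layout follow RFC 8162 (SMIMEA), the S/MIME profile of the RFC 6698 TLSA format the page cites; the certificate bytes are a constructed placeholder rather than a real DER certificate, and the DNSSEC validation of the response is not shown.

```python
import hashlib
import hmac

# SMIMEA uses the TLSA field layout from RFC 6698: usage, selector, matching type, data.
USAGE_DANE_EE = 3        # the record names the end-entity certificate itself
SELECTOR_FULL_CERT = 0   # match against the whole DER certificate
MATCH_SHA256 = 1         # data is SHA-256 of the selected bytes

# Constructed placeholder standing in for a DER-encoded S/MIME certificate.
CONSTRUCTED_CERT_DER = b"-- constructed placeholder, not a real DER certificate --"


def smimea_owner_name(email: str) -> str:
    """Map an email address to its SMIMEA owner name (RFC 8162 section 3).

    The local-part is hashed with SHA2-256 exactly as given (no case folding),
    truncated to 28 octets (56 hex characters), and placed under the
    _smimecert label of the domain part. Domain names are case-insensitive,
    so the domain is lowercased here as a normalization choice.
    """
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    digest = hashlib.sha256(local.encode("utf-8")).hexdigest()[:56]
    return f"{digest}._smimecert.{domain.lower().rstrip('.')}."


def smimea_rdata(cert_der: bytes, usage: int = USAGE_DANE_EE,
                 selector: int = SELECTOR_FULL_CERT,
                 matching: int = MATCH_SHA256) -> tuple:
    """Return (usage, selector, matching, hex_data) for a certificate."""
    if selector != SELECTOR_FULL_CERT:
        # Selector 1 covers only the SubjectPublicKeyInfo and needs a DER parser.
        raise NotImplementedError("only selector 0 (full certificate) is implemented")
    if matching == 0:
        data = cert_der                       # full certificate, no hash
    elif matching == MATCH_SHA256:
        data = hashlib.sha256(cert_der).digest()
    elif matching == 2:
        data = hashlib.sha512(cert_der).digest()
    else:
        raise ValueError(f"unknown matching type {matching}")
    return (usage, selector, matching, data.hex())


def smimea_record(email: str, cert_der: bytes, **params) -> str:
    """Zone-file presentation form the hoster publishes (and DNSSEC-signs)."""
    usage, selector, matching, hex_data = smimea_rdata(cert_der, **params)
    return f"{smimea_owner_name(email)} IN SMIMEA {usage} {selector} {matching} {hex_data}"


def certificate_matches(cert_der: bytes, rdata: tuple) -> bool:
    """Client-side check: does the certificate in hand match the published record?

    Recompute the data field from the certificate with the record's own
    parameters and compare in constant time.
    """
    usage, selector, matching, hex_data = rdata
    expected = smimea_rdata(cert_der, usage, selector, matching)[3]
    return hmac.compare_digest(expected, hex_data.lower())


if __name__ == "__main__":
    # What the hoster would add to the zone for this (constructed) address and cert.
    print(smimea_record("hugh@Example.COM", CONSTRUCTED_CERT_DER))
```

The owner name is what a lookup agent such as ES2ES has to query; only the record's RRset signature, validated with DNSSEC, ties that name and certificate hash to the zone, which is why the DNSSEC step cannot be skipped in a real client.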
FAQ