Ubiquitous end-to-end secure email
Getting started with ES2ES for Outlook
Supports DNSSEC ECDSA, ED25519, RSA end point validation!
Just download the program
and add as Outlook address book
sha256 hashes: 19e5ebd6af50b1996e2a69f5ff24a3f197ced58447d89a294c1bb15e4103911d=setup.exe, a6a6f280102de79fbc430cfdb0aaabe53b0c1677b12157db3a18898ff8839217=setup.msi (On Windows check with "certutil -hashfile setup.exe sha256")
Skip to "Configuring Outlook to use ES2ES" and use our public test server* (ldap.ends2ends.com instead of your own server at 127.0.0.1:390) to try things out. MAC notes or Android notes.
Create a test S/MIME+DNSSEC email account here to try it out.
ES2ES is now a Windows Service. So after installation it automatically runs at startup. Just configure Outlook as follows.
Configuring Outlook to use ES2ES
FILE->Account Settings->Account Settings
Server Name = 127.0.0.1:390 if using es2es or ldap.ends2ends.com if using public test server,
127.0.0.1:390 or ldap.ends2ends.com address book visible. Close and restart Outlook.
For the DNS/email hoster: Adding S/MIME certificates to your DNSSEC secured DNS
- First generate a DNS record for the user's S/MIME certificate (and any intermiediate certs if not popular) by using a tool like this or sending a test email to email@example.com.
- Add/upload the result into your DNS+DNSSEC server
- Thats it
More about ES2ES
It basically is a miniature lightweight directory
access protocol (LDAP) server that runs locally on your machine. Applications like Microsoft Outlook
can directly query ES2ES for information that is otherwise unavailable and/or unsecured.
Currently ES2ES is
used to look-up S/MIME certificates in the public DNS (secured with DNSSEC) for email. This removes one
of the primary barriers to the widespread use of secured email, namely, certificate distribution.
With ES2ES installed I can send encrypted email without a previous exchange of certificates to anyone
who has published their certificate in the DNS using IETF RFC6698. Since ES2ES has its own Windows
native multi-threaded I/O DNSSEC validator, the look-ups are fast and secured end-to-end from email
source machine to destination machine.
ES2ES translates the LDAP ASN.1 style requests into equivalent DNS look-ups and validates the responses
- What standards does ES2ES support? ES2ES is based on IETF RFC6698 and RFC8162 and will track updates in these standards.
- What other platforms will ES2ES run on? Currently Windows 7-10 and 2012R2 server. We do have
plans to support other platforms if there is more interest.
- What will be the post beta price? We plan on pricing the supported version in the $50USD range
for single units similar to other security middleware products on the market. Server and Site licenses would certainly afford a discount.
- Will the public server support SSL? YES! Port LDAPS/636
- Is the source code available? Source code is available under license.
- We do also have a multi-threaded Linux version for the enterprise.
- *Public Server notes:
Windows normally downloads any missing intermediate CA certificates by following the AIA fields up to a valid root. Hence, only a valid end point certificate is needed. Outlook, however, does NOT do this for LDAP certificates. So make sure you have a reasonably up to date certificate store. This is not a problem for native ES2ES service which follows Windows convention and downloads and validates intermediate certificates as needed in the background.