Reply to post:

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages


From what I remember, S/MIME-based encryption in Exchange was not intended for obfuscating the contents of the email. Instead, it was for validating that the original email was unchanged. From what I remember, being involved in writing the original RFC-style protocol documentation for Exchange, this was a known aspect of how S/MIME encryption worked. There always has to be some unencrypted part that leaked information, because the extended headers often contained identifiable information as well. How do you pass a public key in an extended header when all the extended headers are encrypted, was root of the problem, and the message-body was just a longer-length version of that same problem. That's why they eventually went to SMTP over HTTPS/TLC, so that the encryption encapsulated the entire connection.

Or, I could be remembering it wrong, too :D. But, this rings a loud, clear bell in my recollection.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019