Microsoft Exchange Server for Windows 2000: Planning, Design, and Implementation

No one likes to think that their messages might be read en route to a recipient or by anyone other than the recipient after messages have reached their final destination. Working with S/MIME-enabled Microsoft clients, the advanced security subsystem in Exchange 2000, provides three major pieces of functionality to users:
With service release 1 of Outlook 2000, two further features are enabled non-repudiation of receiving and security labels. However, these are optional features that obviously depend on a software update being distributed to all clients.
Encryption is a massive subject and has filled many books and technical papers with the details of algorithms, processing, and implementation. The intention of this section is to outline the basics of how Exchange 2000 works with Outlook 2000 to encrypt and digitally sign messages. Other clients are mentioned in passing, but the concentration is on Outlook 2000, largely because Outlook 2000 can exploit the features of the Exchange 2000 Key Management Server to the maximum.
These features are based on software that Microsoft has licensed from both Entrust Technologies and RSA Data Security Inc., augmented with code developed within Microsoft. RSA is a public-key encryption system that can be used for both encryption and digital signatures and is probably the most widely used public key encryption system in use today. RSA was originally developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at the Massachusetts Institute of Technology. The initials of the...