Topics in this chapter   Outlook 2002 Security Model     Secure E-mail Messaging

Secure E-mail Messaging

For secure e-mail messaging in your organization, use encrypted e-mail messages and install Microsoft Outlook 2002 with appropriate privileges for users to take advantage of security functionality.

Encryption strengths for secure e-mail messaging

There are two classes of encryption key strengths available from Microsoft: High (128-bit) and Low (40-bit).

The following table summarizes the capabilities of High encryption.

The following table summarizes the capabilities of Low encryption.

Note   For signing, the Digital Signature Key lengths for High and Low encryption are RSA 1024-bit and RSA 512-bit, respectively.

Microsoft Office XP includes a technology that determines whether the user's installation is capable of 128-bit encryption operations. Microsoft provides 128-bit encryption capabilities in Microsoft Internet Explorer 3.02, Internet Explorer 4.x, Internet Explorer Service Packs, Microsoft Windows NT® 4.0, and Windows NT 4.0 Service Packs. Windows Installer tests these programs for certified 128-bit encryption capabilities during Office XP Setup.

If your system already has 128-bit encryption capabilities, Office XP installs new 128-bit encryption components during Setup. Systems that do not already have 128-bit encryption capabilities receive 40-bit encryption components.

Installation modes and feature options for secure e-mail messaging

To get full security functionality in Microsoft Outlook 2002 under Windows NT 4.0 or Windows 2000, you must install Outlook 2002 with local administrative rights or with elevated privileges. (Full security functionality is automatically included with Windows 98.)

With full e-mail security, users can perform the following tasks:

• Read S/MIME V2 encrypted e-mail messages
  
  
• Send S/MIME V2 encrypted e-mail messages
  
  
• Read S/MIME V2 digitally signed e-mail messages
  
  
• Send S/MIME digitally signed e-mail messages
  
  
• Enroll in public S/MIME security
  
  
• Enroll in MS Exchange Advanced Security
  
  
• Read Exchange 4.0/5.0 secure e-mail messages
  
  
• Send Exchange 4.0/5.0 secure e-mail messages

Without administrative rights on Microsoft Windows NT 4.0 or Microsoft Windows 2000, e-mail security functionality is degraded to limited security or no security, depending on the circumstances.

With limited e-mail security, users can perform the following tasks:

• Read S/MIME V2 encrypted e-mail messages
  
  
• Send S/MIME V2 encrypted e-mail messages
  
  
• Read S/MIME V2 digitally signed e-mail messages
  
  
• Send S/MIME digitally signed e-mail messages
  
  
• Enroll in public S/MIME security

With no e-mail security features, users can only read S/MIME V2 digitally signed e-mail messages; no other e-mail security features are available.

See also

If you are installing Outlook 2002 on client computers for users who do not have local administrative rights, you can give them elevated privileges for the installation. For more information about using elevated privileges in Office installations, see Installations That Require Elevated Privileges.