Compliance and encryption

It sometimes happens that I get the same (or similar) question from several people within a short time frame. That’s usually a good indicator that the answer would make a good blog entry! Today’s installment in this long-running series is simple: how do journaling systems and encrypted mail go together?

When you use S/MIME, the message is encrypted before the client submits it to the store, so Exchange only ever sees the encrypted version. That means that when it’s journaled, it’s encrypted, and it stays encrypted until the recipient opens it. The journaling system can copy the message, and it will have access to the envelope information (who sent the message, who it’s addressed to, and the subject). The message payload, however, is encrypted, so it won’t be readable by the archiving administrator.

When you use Windows Rights Management Services, the situation is much the same: the message is protected before it leaves the client. However, RMS supports the concept of a group of “super users” who can recover content no matter who created it. That means that super users can recover protected content from the archive, which is exactly what most companies want to do.

How do you get RMS-like behavior from S/MIME? Simple (well, conceptually simple, anyway). All you need to do is CC or BCC the archiving administrator on every message sent. That will cause the message to be encrypted with their cert as a recipient, preserving their ability to read the messages. Implementing this is left as an exercise for the reader (and it’s not really trivial, which is why DoD and other TLAs have their own custom solutions known as security guards; try this one for an example). One way to start is by using a custom Outlook form that includes the BCC recipients. In fact, you could easily build an Exchange 2007 transport rule that would NDR any encrypted message that was not BCC’d to the security guard. Maybe I’ll try that next week…
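As an added illustration (not the post’s code, and not anything Exchange ships), here is what the “was it encrypted to the security guard?” check amounts to at the CMS level: rather than trusting the To/CC/BCC list, walk the EnvelopedData RecipientInfos and look for the archive certificate’s issuer and serial. The DER helpers, the “Contoso Issuing CA” name and the serial numbers are constructed for the example.

```python
# Added example (not the post's code): walk the CMS EnvelopedData RecipientInfos (RFC 5652)
# of an S/MIME message to decide whether it was also encrypted to the archive certificate.
OID_ENVELOPED = bytes.fromhex("2A864886F70D010703")   # id-envelopedData
OID_RSA = bytes.fromhex("2A864886F70D010101")         # rsaEncryption
OID_CN = bytes.fromhex("550403")                      # id-at-commonName
def der_read(buf, pos=0):
    """One DER TLV at pos (single-byte tags) -> (tag, body, end_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: n length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
def der_children(body):
    """(tag, body, whole_tlv) for each element inside a constructed TLV."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, end = der_read(body, pos)
        out.append((tag, inner, body[pos:end]))
        pos = end
    return out
def cms_recipients(blob):
    """Set of (issuer_name_der, serial) for every KeyTransRecipientInfo in blob."""
    (_, ctype, _), (_, explicit0, _) = der_children(der_read(blob)[1])[:2]  # ContentInfo
    if ctype != OID_ENVELOPED:
        raise ValueError("not id-envelopedData")
    fields = der_children(der_read(explicit0)[1])  # [0] EXPLICIT EnvelopedData
    found = set()
    for tag, ri, _ in der_children(next(b for t, b, _ in fields if t == 0x31)):  # SET OF RecipientInfo
        rid_tag, rid, _ = der_children(ri)[1] if tag == 0x30 else (None, b"", b"")  # ktri: version, rid, alg, key
        if rid_tag == 0x30:                      # IssuerAndSerialNumber (ignores [0] SubjectKeyIdentifier rids)
            (_, _, issuer), (_, serial, _) = der_children(rid)[:2]
            found.add((issuer, int.from_bytes(serial, "big", signed=True)))
    return found
def archive_can_read(blob, archive_issuer, archive_serial):
    """True if the archive cert is a recipient; a transport rule would NDR the message otherwise."""
    return (archive_issuer, archive_serial) in cms_recipients(blob)
# Constructed samples (the encoder exists only to build them; no real keys or certs involved).
def tlv(tag, body):
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body
def name(cn):                                    # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x13, cn))))
def ktri(issuer, serial):                        # KeyTransRecipientInfo with a dummy encryptedKey
    rid = tlv(0x30, issuer + tlv(0x02, bytes([serial])))
    return tlv(0x30, tlv(0x02, b"\x00") + rid + tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b"")) + tlv(0x04, b"\xAA" * 16))
def enveloped(*recips):                          # ContentInfo { id-envelopedData, [0] EnvelopedData }
    eci = tlv(0x30, tlv(0x06, bytes.fromhex("2A864886F70D010701")) + tlv(0x30, b"") + tlv(0x80, b"\x00" * 16))
    body = tlv(0x02, b"\x00") + tlv(0x31, b"".join(recips)) + eci
    return tlv(0x30, tlv(0x06, OID_ENVELOPED) + tlv(0xA0, tlv(0x30, body)))
CA = name(b"Contoso Issuing CA")                 # constructed issuer name
GOOD = enveloped(ktri(CA, 0x11), ktri(CA, 0x42))  # user cert serial 0x11 + archive cert serial 0x42
BAD = enveloped(ktri(CA, 0x11))                   # user only: the archive cannot open it
```

Checking the recipient list alone is weaker than this: a message can name the archive address as a recipient without actually carrying a RecipientInfo for its certificate, and recipients identified by SubjectKeyIdentifier would need the [0] branch handled as well.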
