[Dshield] PGP Key Maintenance

Stasiniewicz, Adam stasinia at msoe.edu
Fri Jan 13 17:47:40 GMT 2006


On the topic of email client PGP apps, I took a trial run of PGP 9 and
found that it does not have support for Outlook 2003 using Exchange
2003.  It instead will proxy SMTP/POP3/IMAP4 connections (unlike
pervious versions which used plugins).  Since I need to keep my Outlook
client in Exchange mode for work reasons I am only able to manually
clear sign messages.  I have heard that the pay version of 8.1 did have
Exchange support, but was fairly buggy.  So the questions I have for all
is:

1. Is there a way to get PGP support for an Outlook 2003 / Exchange 2003
setup?
2. Is there a way to check the signature on a PGP/MIME message using
Outlook 2003 and "clear signing" client only?
3. Does anyone have any experience with PGP 8.1 on an Outlook
2003/Exchange 2003 setup, and if so, what is your experience?

Thanks,
Adam Stasiniewicz 
Computer and Communication Services Department 
Milwaukee School of Engineering 
MSCE: Messaging & Security 2003 


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Johannes B. Ullrich
Sent: Friday, January 13, 2006 7:12 AM
To: list at lists.dshield.org
Subject: [Dshield] PGP Key Maintenance


I am going through our various keys to update them as needed, get them
properly signed and remove revoked keys over the next few days. Any old
(but still valid) keys will stay usable for now, but you may see some
new keys pop up.

The best location for all keys will be
https://isc.sans.org/PGPKEYS and https://www.dshield.org/PGPKEYS
The keys will also be uploaded to major public key servers (starting
with pgp.mit.edu)


I will make another announcement once the update is finished. If anybody
has access to a 'widely trusted' PGP key, I would appreciate any
signatures for our isc at sans.org key. Let me know if you want to arrange
for signing.

The two "most important" keys will be:

isc at sans.org: 0x1F9D024D
 Fingerprint: 61A5 C22B 65C0 7740 8D21  E563 BCB4 3887 1F9D 024D

jullrich at sans.org: 0xC9BFBFFD
 Fingerprint: 296B 634C 9B51 C8DF E7CA  5AAC 3CDB 9761 C9BF BFFD

While I am on the topic:
  I typically sign all my mail, not just "important" mail with PGP. If
your mail client does not support pgp, you may see an attachment (which
is the signature). Sadly, there are many "standards" to chose from. I
just happen to use what my e-mail client supports.

  you will find PGP support available for most e-mail clients. There are
two 'main versions' of pgp:

- commericial version from www.pgp.com
- open source version (Gnu Privacy Guard, or GPG) from www.gnupg.com

 A quick google search should find you a PGP plugin for your e-mail
client if its not already included.



-- 
---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.




More information about the list mailing list