Unencrypted messages can be hijacked in transit and read or altered. If the mail is not digitally signed, you can't be sure where it came from.
There are many options for securing e-mail, all with a few strengths and probably more weaknesses.
Let's take care of the easy decisions. Secure/Multipurpose Internet Mail Extensions (S/MIME) should be the message encryption and digital signature format because it's the accepted standard and is built into leading e-mail clients such as Microsoft Outlook 98/2000 and Lotus Notes R5. Yet a standard such as S/MIME only takes you so far. Each vendor has implemented its own interpretation of S/MIME, which makes interoperability problematic. This drawback is exacerbated by the emergence of S/MIME Version 3 in the newest e-mail clients, which again could create interoperability issues.
The path of least resistance is to get an e-mail security gateway, which is analogous to a firewall for e-mail. Every message going in or out passes through the gateway, allowing security policies to be enforced (where and when messages can be sent), virus checking to be performed, and messages to be signed and encrypted. One drawback of the gateway approach is that it doesn't provide user-based security. For example, the gateway encrypts outbound messages so recipients can verify they came from your company, but recipients can't prove from whom they came.
Client-based methods use your private key to sign messages (proving they came from you), which is a more granular level of security, but they have weaknesses as well. They need to be configured on each desktop, which includes issuing a digital certificate to each user (for encryption and digital signature), and ensuring that a proper security profile is configured within the e-mail client.
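The difference between gateway signing and client signing, as an added example that is not part of the original article: it uses the openssl command-line tool with throwaway self-signed certificates, and the Example Corp names, addresses and message text are constructed.

```shell
#!/usr/bin/env bash
# Added example: what a recipient learns from a gateway-level S/MIME signature
# versus a per-user one. All names below are constructed sample values.
WORK=$(mktemp -d)

# make_cert NAME SUBJECT: create a self-signed certificate and key for NAME
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "$2" 2>/dev/null
}

# sign_msg NAME: sign msg.txt with NAME's private key, writing NAME.eml
sign_msg() {
  openssl smime -sign -in "$WORK/msg.txt" \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -out "$WORK/$1.eml" 2>/dev/null
}

# signer_of FILE TRUSTED_CERT: verify the signature against the trusted
# certificate; print the signer's subject on success, return 1 on failure
signer_of() {
  openssl smime -verify -in "$1" -CAfile "$2" \
    -signer "$WORK/signer.pem" -out /dev/null 2>/dev/null || return 1
  openssl x509 -in "$WORK/signer.pem" -noout -subject
}

printf 'Please pay invoice 1001.\n' > "$WORK/msg.txt"
make_cert gateway "/O=Example Corp/CN=mail-gateway.example.com"
make_cert alice   "/O=Example Corp/CN=alice@example.com"
sign_msg gateway   # gateway approach: one company key signs every message
sign_msg alice     # client approach: the sender's own key signs

# Recipient's view: the gateway signature names only the company gateway,
# while the client signature names the individual sender.
signer_of "$WORK/gateway.eml" "$WORK/gateway.crt"
signer_of "$WORK/alice.eml"   "$WORK/alice.crt"

# A message altered in transit no longer verifies.
sed 's/1001/9001/' "$WORK/alice.eml" > "$WORK/tampered.eml"
signer_of "$WORK/tampered.eml" "$WORK/alice.crt" || echo "tampered message rejected"
```

In a real deployment the recipient would trust an issuing CA rather than each sender's certificate directly; the self-signed certificates here only keep the example offline.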
There are also a number of Web-based secure mail services that keep all messages within their environment at all times to ensure security. You use a secure site on the Internet to compose a message. Once you hit “Send”, the site encrypts and stores the message on its site, and sends the recipient an e-mail notification that a secure message is waiting. The recipient links to the site, provides a shared secret for authentication, and accesses the message via Secure Sockets Layer. Unfortunately, this method does not work with existing enterprise e-mail systems.
Ò²ÓжàÖÖ»ùÓÚWebµÄ°²È«Óʼþ·þÎñ£¬ÕâЩ·þÎñÔÚÈκÎʱºò°ÑËùÓÐÐÅÏ¢¶¼±£³ÖÔÚËüÃǵĻ·¾³ÖУ¬ÒÔÈ·±£°²È«ÐÔ¡£ÄãÀûÓÃÒòÌØÍøÉÏÒ»¸ö°²È«ÍøÕ¾À´ ±àдÐÅÏ¢£¬Ò»µ©Äãµã»÷ÁË“·¢ËÍ”£¬ÍøÕ¾¾Í½øÐмÓÃܺͰÑÐÅÏ¢±£´æÔÚ¸ÃÍøÕ¾ÖУ¬²¢Ïò½ÓÊÕ·½·¢Ò»·Ýµç×ÓÓʼþ֪ͨ£¬¸æËßËûÓÐÒ»·Ý°²È«µÄÐÅÏ¢µÈËûÈ¥½ÓÊÕ¡£½ÓÊÕ·½Á´½Óµ½¸ÃÍøÕ¾£¬ÌṩÓÃÓÚÈÏÖ¤µÄ¹²ÏíÃØÃÜ£¬Í¨¹ý°²È«Èë¿Ú²ã(SSL)·ÃÎʸÃÐÅÏ¢¡£¿Éϧ£¬´Ë·½·¨²»ÄÜÓëÏÖÓÐµÄÆóÒµµç×ÓÓʼþϵͳһÆð¹¤×÷¡£
The stickiest issue is building a directory of digital certificates. This directory holds the certificates needed to encrypt messages to a recipient. Internally, building the directory may not be a big deal because all certificates for a company can be published in a central Lightweight Directory Access Protocol server, but externally this causes many problems. You will need to establish an agreement with a recipient's organization to ensure access to the right digital certificates. This process, however, creates more user training issues and adds complexity to e-mail communications.
Although there is technology available for secure e-mail, widespread deployment is still problematic. However, as more companies and regular e-mail users see the need to secure their messages, the use of digital certificates will one day become a transparent part of your everyday activities.