Overview of EMF security models.

Summary:

This article provides a brief summary of the security models offered by EMF. The Secure Messenger add-on product is discussed for completeness. The reader is referred to the EMF Admin Guide and SM Admin Guide for full details.

Detailed Information:

1) Server-to-Server security (also called SPN, or VPN, security).

In this model, both your site and the remote site have EMF, and both are setup to use SPN security, establishing a "Secure Public Network" between the two sites. In SPN, the EMF servers exchange self-generated self-signed (also called EMF root) certificates once, and then perform encryption and decryption of messages automatically between the sites on behalf of the users behind the EMF servers, transparently to those users. This eliminates the need for the end users to use desktop encryption software when communicating to an SPN partner. You can have as many SPN partner sites as you like.

For more information on SPN security, see the EMF Admin Guide section on Secure Public Network.

1a) Starting in EMF 6.0, the concept of EMF Server-to-Server (SPN) security can be extended to a remote site that does not have an EMF server, but does have an SMG-compliant email gateway. SMG is the Open Group's standard for Secure S/MIME Gateway interoperability, and works similar to an EMF SPN. In fact, EMF supports SMG by putting an SPN in SMG mode. The SMG setup steps are similar to an SPN. Please see the EMF Admin Guide. For more information on the SMG standard, see Open Group SMG.

2) Server-to-Client security (also called Proxy security).

In this model, your site has EMF, but remote sites do not have EMF, and their users use desktop encryption when communicating to your site. In Proxy security, individual remote users send in their public keys to local MMS users once, and EMF generates and maintains proxy certificates on behalf of your local users, used when your local users communicate with those remote users. Local users do not need to use desktop encryption to those remote users; EMF encrypts/decrypts on the local users' behalf using the proxy certificates. Proxy security is enforced by EMF policies.

For more information on Proxy security, see the EMF Admin Guide section on Proxy Security.

3) Client-to-Client security (also called Plaintext Access).

In this model, EMF does no encryption, just decryption. Local and remote end users use desktop encryption to each other, using their own certificates, but the users are additionally required to encrypt each message for EMF (using the EMF root certificate), so that EMF can decrypt each message and apply policies to it. The required encryption for EMF is policy-enforced.

For more information on Client-to-Client security, see the EMF Admin Guide section on Client-to-Client Security.

4) TLS security (Transport Layer Security [RFC 2246]).

In this model, introduced in EMF 6.0 and configured in the EMF relay settings, the EMF SMTP communication commands and data are encrypted. Just like SSL encrypts commands and data over HTTPS, TLS does the same over SMTP. Note that the other security models discussed in this article encrypt the email message, but not the SMTP commands. The gateway server sending to or receiving email from EMF must support TLS.

Using TLS also requires a TLS server certificate be purchased from a Certificate Authority (e.g., Verisign) and imported into EMF.

TLS is a point-to-point protocol, meaning that if, for example, EMF sends out a message using TLS, the encryption is guaranteed only to the next relay hop; continued encryption to the final destination requires successive relay hops support TLS. Since many ISPs pass port 25 traffic through to a site's mail gateway server, TLS can be successfully employed site-to-site.

For more information on TLS, see the EMF Admin Guide and related articles on the right.

5) PGP certificate support.

EMF 6.2 introduced support for PGP certificates in addition to S/MIME certificates for the Proxy security model. Please see the EMF Admin Guide for further details.

6) Secure Messenger.

EMF 5.6.2 introduced an optional add-on product called Secure Messenger (SM), which is installed separately from EMF, but shares the EMF database. Messages sent through EMF can be redirected to SM for secure delivery. The messages sent to SM, which may include attachments, are encrypted and stored by SM in the SM part of the database. Recipients receive email notifications with HTTPS links to download the secure messages from the SM server.

Some readers may be familiar with the Tumbleweed IME product. SM is a "slimmed-down" version of IME, with many of the same features, and operates the same way with regard to delivery of secure messages. Please see the SM Admin Guide, or your Tumbleweed Sales Representative, for more details about Secure Messenger.

Additional Information:

Any of these models can be used simultaneously on an EMF server. Note that using a security model does not preclude standard application of EMF policies, like virus and content checking. Security is performed in addition to standard checking.