How does CSE EXACTLY work?

Can you please clarify whether the “better way possible” was just another guess, along with the statement that CSE doesn’t use a supposedly existing “better way possible”.

Your HO implied an alternative. What should the “better way possible” be like? (if it does actually exist)

Comodo’s key is used to provide Proof of Origination. You can use digital certificates (PKI) for 2 purposes:
1) Security
2) Proof of origination (digital signing)

When you encrypt it for someone else using their public key, you are using the security aspect of the PKI. You can also encrypt the data using your own Private key! Yep… what that means is everyone can decrypt it… but the beauty is that everyone will know it came from you, because only you have access to that private key that encrypted that data. And that is known as digital signing. So a digitally signed message is not about securing it but proving that it came from the author. So Comodo’s keys are used in a Digital Signing capacity, in that we digitally sign your public key, so that other people will trust your public key. Our key has nothing to do with the encryption of your data per se.

Melih
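The two uses Melih separates above, shown side by side in working code. This is an added example in Go using only the standard library; it is not Comodo’s code and not code from this thread. It assumes RSA-OAEP for encryption and RSA-PSS for signatures, which is the modern way to get the two properties he describes: under these padding schemes signing is its own operation rather than literally “encrypting with the private key”, but the effect is the one he states, namely that the signature proves possession of the private key without hiding the message.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKey generates the kind of key pair a CSE user holds: the public half goes into a
// certificate, the private half never leaves the user's machine.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Use 1, security: encrypt under the recipient's PUBLIC key (RSA-OAEP). Only the
// matching private key can recover the plaintext.
func Encrypt(to *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
}

func Decrypt(me *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, me, ct, nil)
}

// Use 2, proof of origination: sign with the sender's PRIVATE key (RSA-PSS). The
// message travels in the clear next to the signature; anyone with the public key can
// check that the signer held the private key and that the bytes were not changed.
func Sign(me *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, me, crypto.SHA256, h[:], nil)
}

func Verify(from *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(from, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	alice, bob := NewKey(), NewKey()
	msg := []byte("constructed sample message from Alice to Bob")

	// Confidentiality: encrypted for Bob, so Alice's own key cannot open it.
	ct, _ := Encrypt(&bob.PublicKey, msg)
	_, err := Decrypt(alice, ct)
	fmt.Println("Alice can read mail encrypted for Bob:", err == nil)
	pt, _ := Decrypt(bob, ct)
	fmt.Printf("Bob reads: %s\n", pt)

	// Origin: signed by Alice; verifies only with Alice's public key and only on the
	// unmodified bytes. Note the signature never hides msg.
	sig, _ := Sign(alice, msg)
	fmt.Println("verifies as Alice:", Verify(&alice.PublicKey, msg, sig))
	fmt.Println("verifies as Bob:", Verify(&bob.PublicKey, msg, sig))
	fmt.Println("verifies after tampering:", Verify(&alice.PublicKey, []byte("tampered"), sig))
}
```

Comodo’s own role, signing Alice’s public key so Bob trusts it, is the second operation applied to a certificate instead of a message; the encryption of the mail body only ever involves the keys of the two correspondents.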

Melih and/or Endymion,
Let’s see if I have this straight (the final part in bold is kind of a question).

Alice & Bob both have CSE and have never sent emails to each other before
Charlie does not have CSE

One day Alice sends an Email to Bob. Alice’s CSE checks the CCSs (Comodo Cert Servers) for a public key and finds one for Bob, so Alice’s CSE encrypts the Email to Bob, who then uses his private key to decrypt the Email.

Later, when Bob replies to Alice, he has already received a digitally signed Email from Alice, and that Digital Signature contains the Public Key of Alice, which Bob’s Computer has saved. So Bob’s computer does not need to check the Comodo servers for a Public key, since Bob’s computer already has one, provided that Alice’s digital Certificate is still valid.

So Bob’s CSE goes ahead and encrypts the email with Alice’s Public Key without checking the CCS (Comodo Cert Server).

or

Bob’s CSE verifies the public key is valid and encrypts the email with the valid Public Key of Alice, either from the cert received earlier or the valid one from the CCS (Comodo Cert Server).

Finally, Bob sends another email to Charlie, who does not have CSE.

[b][u]Depending on Bob’s settings in CSE, one of two things happens, or both, or I have this totally wrong?
A) Bob’s CSE digitally signs & encrypts the message and sends it to Charlie with a one-time Key to decrypt it?
1) Charlie can only read the email by forwarding the Email to Comodo’s Web Reader?
2) How many times or for how long can Charlie use the web reader to read the email?

B) Bob’s CSE only digitally signs the message?
[/u][/b]

That was an awesome post Melih! ;D

It filled in MANY of the gaps in my lack of understanding.

The only thing I am still confused about is:

How was this message Decrypted?

Using the new knowledge from your/Melih’s last Post, I can only assume Two possible answers: (Instead of One.)

  • Person A Encrypted it using his Private Key, then the Comodo Web Reader Decrypted it using A’s Public Key. (Like in the Signing process.)
  • It was just simply Encrypted using Comodo’s Public Key. (Then simply Decrypted using Comodo’s Private Key.)

The latter method seems more Secure; it uses a Private Key instead of a Public Key for the Decryption process.

Is there a Third possible answer? ???

Thanks! :-TU

Coincidentally, it also looks like a perfect match for your locksmith analogy, and even more for your comment about CSE…

Whereas, as specifically mentioned, the other assumed answer in the following quote would allow everybody to decrypt the email.

Likely the possible answer is a patent pending one…

Whereas the patent is likely to apply to i, ii and iii.

Oh’ FGS…

Hi All,

Ok, Comodo SecureEmail uses public digital certificates which have an associated private key. It’s this private key (and the fact that it stays ‘private’) that is the bit that makes everything secure.

The public certificate (only a template) and the private key are both generated on your PC when you sign up for a digital certificate. The public certificate template part is sent to Comodo servers to be turned into a ‘real’ certificate and signed by Comodo’s private key.

In the following scenarios, Alice is the sender, Bob is the recipient.

When Alice or Bob send a signed e-mail, their public key certificate is attached. The recipient can then verify who they are because their certificate was signed by Comodo.

Alice wants to send an e-mail and:
Scenario 1)
Alice already has Bob’s public key (received via a signed e-mail etc)

In this scenario, Alice encrypts (S/MIME) using Bob’s public key. The e-mail can be decrypted in any S/MIME compliant e-mail system like CSE, Outlook or Thunderbird.

Scenario 2)
Alice doesn’t know Bob’s e-mail certificate in advance.

(Alice chooses whether the Web Reader can be used or not, or turns off Web Reader access, but we’ll deal with the Web Reader service when describing Bob’s actions.)

In this scenario the situation is a little more complicated. Alice doesn’t have Bob’s public key certificate to encrypt for so CSE does this:

  • It generates a Single-Use Certificate and private key for this 1 e-mail.
  • CSE then encrypts the e-mail (S/MIME) and attaches this to an instruction e-mail and sends the e-mail to Bob.
  • CSE then uses a Comodo secure server as a temporary storage location and uploads the session certificate pair, encrypted, over a secure connection.

At this point, Bob has the e-mail, Comodo have the temp session keys.

So on Bob’s side.

  • Bob receives an e-mail which has the S/MIME encrypted e-mail attachment.

Bob now needs to decrypt the mail, his choices are:

  • Bob has CSE, CSE decrypts automatically.
  • Download Comodo SecureEmail.
  • Forward the mail to the Web Reader service (if Alice has allowed this; if not, Bob can’t decrypt via the Web Reader).

Ok, so let’s deal with these three choices below:

Bob already has CSE

  • Bob already has an e-mail certificate and is using Comodo SecureEmail.
  • Comodo SecureEmail contacts Comodo’s server to download the key over a secure connection. Comodo’s servers require authentication via Bob’s real e-mail certificate (he must complete a private key operation based on industry-standard SSL authentication) before the server will release the keys.
  • If Bob’s authentication is successful then Comodo SecureEmail can decrypt the message and allow it to pass into Bob’s inbox.
  • Bob’s CSE can also send back his ‘real’ e-mail certificate to Alice. This is now a very neat key exchange process.
  • From this point on Alice can encrypt straight to Bob.
  • The result is that Bob receives the mail smoothly and automatically and doesn’t even know that Alice didn’t have his key in advance. Alice’s records are now updated too.

Bob downloads Comodo SecureEmail.

  • Comodo SecureEmail requires that Bob has an e-mail certificate for the address Alice e-mailed to before downloading the keys.
  • Comodo SecureEmail contacts Comodo’s server to download the key over a secure connection. Comodo’s servers require authentication via Bob’s real e-mail certificate (he must complete a private key operation based on industry-standard SSL authentication) before the server will release the keys.
  • If Bob’s authentication is successful then Comodo SecureEmail can decrypt the message and allow it to pass into Bob’s inbox.
  • Bob’s CSE can also send back his ‘real’ e-mail certificate to Alice. This is now a very neat key exchange process.
  • From this point on Alice can encrypt straight to Bob.

Bob chooses to forward the mail to the Web Reader service

  • The server first checks if Alice has allowed Bob to read this mail via the Web Reader, if Alice has disallowed it, the server sends a rejection mail to Bob.
  • If allowed, the server returns a unique URL to Bob to read the mail.
  • Bob navigates to the URL over HTTPS where the server then checks if Alice has required Bob to enter a password (pre-agreed between Alice and Bob).
  • Bob may or may not enter a password, dependent upon Alice’s choice. The mail is then decrypted and shown to Bob in his web browser.

Hope this answers everyone’s questions.

Regards,
Shane. :slight_smile:
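Shane’s scenario 2 (Alice has no certificate for Bob) and the “Bob already has CSE” path that follows it, walked through as one added example in Go using only the standard library. This is not Comodo’s code, and several things are modelled in-process for the sake of running offline: the Comodo server is an in-memory `Escrow`, the “real e-mail certificate” is just an address bound to a public key that the server checks against its own issued list instead of verifying a CA-signed X.509 certificate, and the SSL client authentication Shane mentions is replaced by a fresh challenge that Bob signs with his real private key. The message id, the single-use key being deleted after one release, and the AES-GCM/RSA-OAEP construction are my assumptions about how such an envelope would be built, not details from the post. What the example does show is the property that matters: the mail is encrypted for a key nobody has yet, the private half sits with the server, and the server hands it to exactly one party, the holder of the private key behind the recipient’s issued certificate, exactly once.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Bob receives: the body under a fresh AES-GCM key, and that key
// wrapped (RSA-OAEP) for the single-use public key, since Alice has no key for Bob.
type Envelope struct {
	ID                   string // message id (assumption); escrow lookup key and GCM associated data
	WrapKey, Nonce, Body []byte
}

// Escrow models the Comodo server holding single-use private keys until the recipient
// authenticates. A "certificate" here is an address bound to a public key; the CA
// signature a real certificate carries is stood in for by the issued list (assumption).
type Escrow struct {
	issued map[string]*rsa.PublicKey  // address -> public key of the real certificate
	keys   map[string]*rsa.PrivateKey // message id -> single-use private key
	owner  map[string]string          // message id -> recipient address
}

func NewEscrow() *Escrow {
	return &Escrow{map[string]*rsa.PublicKey{}, map[string]*rsa.PrivateKey{}, map[string]string{}}
}

func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Issue records a real e-mail certificate for an address (Comodo signing Bob's cert).
func (e *Escrow) Issue(email string, pub *rsa.PublicKey) { e.issued[email] = pub }

// Send is Alice's side: encrypt for a single-use key pair generated for this one mail
// and park its private half with the escrow, indexed by the recipient address.
func Send(e *Escrow, to string, body []byte) (Envelope, error) {
	single := NewKey()
	idb, cek := make([]byte, 16), make([]byte, 32) // message id, content-encryption key
	rand.Read(idb)
	rand.Read(cek)
	id := fmt.Sprintf("%x", idb)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &single.PublicKey, cek, nil)
	if err != nil {
		return Envelope{}, err
	}
	blk, _ := aes.NewCipher(cek)
	gcm, _ := cipher.NewGCM(blk)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	e.keys[id], e.owner[id] = single, to
	return Envelope{id, wrapped, nonce, gcm.Seal(nil, nonce, body, []byte(id))}, nil
}

// Prover is the private-key operation Bob's client performs to authenticate to the
// server; it stands in for SSL client authentication with his real certificate.
func Prover(priv *rsa.PrivateKey) func([]byte) []byte {
	return func(challenge []byte) []byte {
		h := sha256.Sum256(challenge)
		sig, _ := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
		return sig
	}
}

// Fetch releases the single-use key once, only to the certificate issued for the
// recipient address, and only after a fresh challenge is signed with its private key.
func (e *Escrow) Fetch(id, email string, pub *rsa.PublicKey, prove func([]byte) []byte) (*rsa.PrivateKey, error) {
	single, ok := e.keys[id]
	if !ok {
		return nil, errors.New("no key held for this message (unknown or already released)")
	}
	if known, issued := e.issued[email]; e.owner[id] != email || !issued || !known.Equal(pub) {
		return nil, errors.New("certificate is not one issued here for the recipient address")
	}
	challenge := make([]byte, 32)
	rand.Read(challenge)
	h := sha256.Sum256(challenge)
	if rsa.VerifyPSS(pub, crypto.SHA256, h[:], prove(challenge), nil) != nil {
		return nil, errors.New("private-key proof failed")
	}
	delete(e.keys, id) // single-use: the server never hands it out twice
	return single, nil
}

// Open is Bob's decryption once his client holds the single-use private key.
func Open(env Envelope, single *rsa.PrivateKey) ([]byte, error) {
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, single, env.WrapKey, nil)
	if err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(cek)
	gcm, _ := cipher.NewGCM(blk)
	return gcm.Open(nil, env.Nonce, env.Body, []byte(env.ID))
}
```

Usage follows Shane’s order: `srv.Issue(addr, &bob.PublicKey)` is Comodo issuing Bob’s certificate, `Send(srv, addr, body)` is Alice’s CSE producing the envelope and uploading the key, `srv.Fetch(env.ID, addr, &bob.PublicKey, Prover(bob))` is Bob’s CSE authenticating and downloading it, and `Open(env, single)` is the decryption into his inbox. Three refusals are worth checking against the design: a valid certificate for another address, Bob’s certificate presented by someone who cannot perform Bob’s private-key operation, and a second fetch after the key has been released. Bob’s own real key cannot open the envelope either, which is the point of the single-use pair: Alice never needed it.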

Thanks Shane. For me that’s about as clear as it can get.
