RE: Certification Question

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: Exchange List <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 08 Mar 2005 11:23:51 -0500

I suspect 'high-end of the market' has different meanings for different
people.  

But I agree with Raj, and I'll go a step further - if you want to be in the
hosted solution market - and according to your web site, you do - you need a
commercial cert. If you want to be in that business, you have to accept some
of the costs, and a trusted CA is one of them.


On 3/8/05 10:53 AM, "Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Andrew,
> 1) Your SMTP relay concerns can be overcome by authentication.
> 
> 2) If you are really targeting high-end market get a commercial
> certificate. 
> 
> 
> Regards,
> 
> Raj
> 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 10:44 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Raj, 
> 
> I have clients that travel a lot and take their notebook computers with
> them where ever they go, and I will be damned if I let them relay their
> emails back through my SMTP server. ISP's today who are using SSL for
> SMTP still do not allow their clients to relay their emails from another
> connection.
> 
> Yes I am dealing with the high-end of the market and no I don't wish to
> sell emails to boys and girls who spend a lot of time chatting about
> nothing.
> 
> :)
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 9:58 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> But, still, POP3 and SMTP has less overhead compared to an RPC over HTTP
> connection. Ideal for an individual, not a business. The only advantage
> with RPC over HTTP is RPC being encapsulated in HTTP packets, so you
> don't need an RPC connections end to end. Unless you are an ISP
> specializing in providing hosted Exchange services for other businesses,
> but your are an ISP providing just email access to individual users,
> still POP3 and SMTP is the best way to go. In my earlier email by ISP I
> did not mean Hosted Exchange service providers. An individual user does
> not need access to a GAL or an Organization wide calendar, so why would
> one give RPC over HTTP access to an individual.
> 
> 
> Regards,
> 
> Raj
> 
> 
> -----Original Message-----
> From: Michael B. Smith [mailto:michael@xxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 9:44 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> You said: RPC over HTTP is meant for corporate use, not for ISP use.
> 
> That's not true.
> 
> One of the primary reasons for RPC/HTTP was for xSPs to offer hosted
> Exchange.
> 
> Hosted Exchange includes an Outlook 2003 license.
> 
> I've written an idiot-proof configuration document, and I know I'm not
> the only one, for configuring Outlook for Hosted Exchange. Microsoft
> also makes available a tool that generates a hosted Exchange profile.
> It's less confusing than configuring POP.
> 
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 9:34 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Andrew,
> I am getting a fair idea of your setup. I assume you are a fairly small
> shop. If I were you, I would definitely go with POP3 for external users.
> If you go for RPC over HTTP, every client needs to have Office 2003 or
> at least Outlook 2003. Are they willing to spend on that. If you use
> POP3 they can use any email client like Outlook express. You don't have
> to spend on certificates, and support. It is a real time killer. RPC
> over HTTP is meant for corporate use, not for ISP use. Does your ISP
> allow incoming POP3 and SMTP connections? All ISPs allow outgoing POP3
> and SMTP connections, so the only problem is you have to make sure you
> can receive incoming connections. If not, you can even run POP3 and SMTP
> on a different port. Trust me on this one, it is less confusing to an
> end user to configure POP3/SMTP rather than RPC over HTTP and
> certificates.  
> 
> 
> Regards,
> 
> Raj
> 
> 
> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 9:17 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Rick, 
> 
> $150 a year is too much for this mom and pop ISP if you want to call it
> that. :)
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx]
> Sent: Tuesday, March 08, 2005 7:41 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Certification Question
> 
> http://www.MSExchange.org/
> 
> Or, if you want to provide ISP (or ASP) services to customers, but you
> don't trust them to hit /certserv, a better solution is to use a cert
> from a publicly trusted root.
> 
> This is exactly what they are there for - you've already spent as much
> in labor as you ever would on the cert - they're only $150 US from
> Entrust.
> 
> That's an hour's work (or more, depending on your rates).  Between this,
> and all the challenges you've had getting RPC/HTTPS working - all would
> have been fixed by this, and you would move on to selling that service
> to the ten other clients you need to absorb the cost.
> 
> 
> On 3/8/05 7:09 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:
> 
>> http://www.MSExchange.org/
>> 
>> Why not just distribute the CA certifiate as a file and provide
>> instructions for installing it. Can probably be done from the command
>> line too, so it could be scriptable.
>> 
>> 
>> Tom
>> www.isaserver.org/shinder
>> Tom and Deb Shinder's Configuring ISA Server 2004
>> http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>> 
>> 
>> -----Original Message-----
>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>> Sent: Monday, March 07, 2005 10:44 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Both. 
>> 
>> I am bothering with certificates because I also do a lot of trouble
>> shooting for people and find that if you really want to confuse them
> set
>> them up on POP3 and SMTP. Btw most ISP's block incoming SMTP request
>> from the outside which another reason I want to stick with RPC over
>> HTTP; clients on the run will be able to plug their machines in just
>> about anywhere and get connect to their email without having to worry
>> about reconfiguring their SMTP server. It's always best to keep it
>> stupid simple. :)
>> 
>> I use it for both in house and ISP.
>> 
>> Andrew
>> 
>> 
>> -----Original Message-----
>> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
>> Sent: Monday, March 07, 2005 9:52 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Andrew,
>> You haven't answered my question.
>> Are you using Exchange as a ISP mail server ? Or as a corporate email
>> server or both. If you are trying to provide service for non-corporate
> 
>> users, why are you bothering with RPC over HTTP and certificates?
>> 
>> 
>> Regards,
>> 
>> Raj
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>> Sent: Monday, March 07, 2005 5:25 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Al,
>> 
>> Uhm...
>> 
>> The current way OWA with SSL works is when you go to
>> https://owa.smoothrunnings.ca/exchanage you will be prompted to accept
> 
>> the cert.
>> 
>> Once you accept the cert you then see the OWA login page. You login
> and
>> your done..
>> 
>> okay got it?
>> 
>> RPC over HTTP does not prompt the user to accept the cert, it assumes
>> the user has installed the cert into their computer.. ie in
> Certificates
>> for the local computer -> Certificates -> Personal
>> 
>> If you go to your certs machine and type: http://IP/certsrv and login
>> and choose "download a CA certificate....blah...blah..." and then
> click
>> on "Install this CA..blah blah" on the next page the CA will be
>> installed on the machine you are using to access certsrv.
>> 
>> Thus when you go to owa.sitename.com/exchange which you just installed
> 
>> the cert for you will NOT be prompted for the cert. Thus when you use
>> RPC over HTTP you WILL connect to the exchange server.
>> 
>> I simply don't want users to have access to /certsrv, I would rather
>> create or used part of the certcarc.asp code (which installs the cert
> on
>> your machine) to create a new page which users who are currently using
> 
>> my email services can access to install the cert on their personal
>> computers.
>> 
>> I am just trying to figure out if there is a easier way to go about
> it,
>> since I don't want to waste my friends time in dismantling Microsoft's
> 
>> ASP code! :)
>> 
>> Andrew
>> 
>> -----Original Message-----
>> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
>> Sent: Monday, March 07, 2005 4:40 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Certification Question
>> 
>> http://www.MSExchange.org/
>> 
>> Ok.  So you want them to get the cert and install it in the store, a
> la
>> the way that you get prompted for an untrusted cert on an IIS page in
>> IE, only not prompt them for it correct? Basically handle the warnings
> 
>> etc in another way than a popup else let the popup occur in your
> process
>> (in other words, let the user browse to the secure site that tells
> them
>> how to set this up and have them insert it in the trusted store or
> offer
>> a script that does this for them (I opt for the previous: letting them
> 
>> see the cert popup, and telling them to accept it and install the cert
> 
>> vs. automating it.  For many reasons including technical and security
>> reasons).
>> 
>> 
>> I think there are all kinds of issues with doing this, such as the
> user
>> has to be able to write to the trusted store etc.  However, I believe
>> this is the concept you're looking for:
>> 
>> http://support.microsoft.com/kb/297681
>> 
>> 
>> Let me know if I missed the concept totally.
>> 
>> al
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com Leading
>> Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security
>> Resource Site: http://www.windowsecurity.com/ Network Security
> Library:
>> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
>> http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com Leading
>> Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
>> Security Resource Site: http://www.windowsecurity.com/ Network
>> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
>> Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> andrew@xxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com Leading
>> Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
>> Security Resource Site: http://www.windowsecurity.com/ Network
>> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
>> Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> tshinder@xxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> 
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com Leading
>> Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
>> Security Resource Site: http://www.windowsecurity.com/ Network
>> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
>> Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> rickb@xxxxxxxxxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> andrew@xxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> raj.periyasamy@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
> Resource Site: http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> michael@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> raj.periyasamy@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> andrew@xxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> raj.periyasamy@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> rickb@xxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx



Other related posts: