Understanding e-me.ca Secure WebMail

Definitions:
  • HTTP stands for Hyper Text Transfer Protocol
  • HTTPS stands for Hyper Text Transfer Protocol over Secure Socket Layer
  • SSL stands for Secure Socket Layer

  1. A user connects to the login window and accesses a secured URL hidden behind a frame: an object secured by a unique Server ID.

    We hide the HTTPS connection in a frame at http://e-me.ca/ which actually connects to https://imap.canadaemails.com/eme/start.eme. (You can use https://imap.canadaemails.com/eme/start.eme if you like instead of the easier-to-remember "e-me.ca".)

    We do this in the same manner banks redirect to a secure socket, because it is easier than telling millions of people, millions of times over and over again, to type the "s" after "http".
    In actual fact, most people don't even type the protocol prefix "http://"; they instead let the browser enter a best guess. That's another reason we do things the way we do.

    Many users, when asking Help Desk why they need "https", insist they never type "http anything" and it shouldn't be necessary. In actual fact, most browsers will accept and attempt to connect using many protocols, including "ldap://", "ftp://", "http://", "https://", "mms://", and more. The most often used is "http://", and when the user has typed no protocol at all, the first guess of the browser will be "http://". That's another reason we do things the way we do.

  2. With the help of good programming we get the user connected to https://imap.canadaemails.com/eme/start.eme by simply typing "e-me.ca" in their Internet Explorer Browser window. Amazing.
  3. The server responds, automatically sending the user its digital certificate, which authenticates the session connection to the server.
  4. The user's Web browser generates a unique "session key" (like a code) to encrypt all communications in precisely *this* session.
  5. The user's browser encrypts the session key with IMAP.CanadaEmails's public key so only IMAP.CanadaEmails can read the session key.
  6. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
  7. A secure session is now established--all communications will be encrypted and can only be decrypted by the two parties in the session. 
  8. It all takes only seconds and requires no action by the user. 
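
Steps 3 to 7 above, as an added example that is not part of the original page or of the e-me.ca software: a toy Python walk-through of the session key exchange between browser and server. The small RSA key, the unpadded RSA operation, the SHA-256 keystream standing in for the session cipher, and all function names are assumptions made for illustration; the CA signature check on the certificate is left out.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for the server (two Mersenne primes).
# Far too small for real use; real certificates carry 2048-bit or larger keys.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the server

# Step 3: what the server sends. A real certificate is also signed by a CA.
CERT = {"host": "imap.canadaemails.com", "public_key": (N, E)}

def browser_key_exchange(cert, expected_host):
    """Steps 4-5: make a session key and wrap it with the server's public key."""
    if cert["host"] != expected_host:
        raise ValueError("certificate is for a different server")
    session_key = secrets.token_bytes(16)
    n, e = cert["public_key"]
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # unpadded RSA (toy)
    return session_key, wrapped

def server_unwrap(wrapped):
    """Only the holder of D can recover the session key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def session_cipher(key, data):
    """Step 7 stand-in: XOR with a SHA-256 keystream; the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

if __name__ == "__main__":
    browser_key, wrapped = browser_key_exchange(CERT, "imap.canadaemails.com")
    server_key = server_unwrap(wrapped)
    request = b"user=alice&password=constructed-sample"  # constructed sample input
    on_the_wire = session_cipher(browser_key, request)
    print("wrapped session key:", hex(wrapped))
    print("ciphertext on the wire:", on_the_wire.hex())
    print("server reads:", session_cipher(server_key, on_the_wire))
```

Anyone watching the connection sees only the wrapped key and the ciphertext; without the server's private exponent neither yields the session key.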

Hands-On e-me.ca Secure WebMail

To get a hands-on look and feel for this technology you can actually fetch onto your own computer a Certificate Authority’s CA master cert and take a look at it by selecting properties from your menu. An example is shown here.

Visit http://mobrien.com/root_certificate_install.htm and open the first certificate presented on that page. You can install it on your computer if you like. It provides the Certificate Authority for https://imap.canadaemails.com/ which, as you will see, uses the AES 256-bit standard for high encryption. (This is much better than the cracked 128-bit algorithms.)

Certificates can be issued by a number of widely trusted root certificate issuers such as canadaemails.com, thawte.com, and verisign.com. A certificate is required in order for a business to conduct secured transactions across the Internet.

[Figure: CA Certificate example]

For some hands-on comprehension of encryption you can actually encrypt an email message, with the encryption conversion fully visible, and send the 'secret' encrypted data to anyone you know by visiting http://www.canadaemails.com/encrypted_mail.shtml. To actually see SHA1 and MD5 at work, there is a demonstration tool within this Mail System Administrator at http://dbma.ca/demo/. Select "Encrypt Help" and press “Go!” You will get a hands-on demonstration opportunity using Unix Crypt, MD5, MD5Sum, SHA1 plus some fascinating applications where md5_base64: and SHA1 are salt/pass/key-seeded