S/MIME Encrypted Meeting Invitations Send via Outlook are Received as Text

book

Article ID: 156887

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

When creating a meeting invitation in Microsoft Outlook and encrypting it with S/MIME via PGP Universal Server, the receipient using Outlook sees the meeting invitation as a text message and not as the expected meeting invitation object that can be added to the Outlook calendar.

 

Cause

When only using Microsoft Outlook with X.509 certificates added to the Windows Certificate Store for email encryption, standard email can be encrypted and signed with S/MIME. However, meeting invitations are always sent in the clear as Microsoft Outlook does not support S/MIME encryption on meeting invitations.

PGP Universal Server will encrypt the meeting invitation as any other e-mail message with S/MIME and send it as a message with the encrypted contents in the attachment Message.p7m as specified in the RFC.  Any S/MIME capable client with the correct X.509 certificate including the private key will automatically decrypt the message contents. However, since Microsoft Outlook does not support encrypted meeting invitation objects, it will not detect this object as a meeting invitation and show it as text instead.

The message header of a meeting invitation contains:
Content-Type: text/calendar; method=REQUEST; charset="utf-8"

The message header of an encrypted mail (also for encrypted meeting invitations) contains:
Content-Type: application/pkcs7-mime;
 smime-type=enveloped-data;
 name=Message.p7m
Content-Disposition: attachment; filename=Message.p7m

Resolution

There are 3 options to work around this limitation:

1. Prevent encryption of meeting invitations. Meeting invitation works as expected, but not encrypted which can be a security risk. To prevent encryption of meeting inivitations:

In a PGP Universal Server managed environment

  • Add a rule to the mail policy of PGP Universal Server to send these messages in the clear

In a standalone PGP Desktop

  • Add a new policy for the account in PGP Messaging to not encrypt the meeting invitations. One example would be to add a policy to Send in Clear any message header which contains 

    Content-Type: text/calendar; method=REQUEST; charset="utf-8" 

2. Do not send out the meeting invitation itself, but forward the meeting appointment as an iCalender file from Microsoft Outlook. Meeting invitation can be added to the calendar, but responses as accepted/denied are no longer tracked, message is encrypted. See "Create an Add to calendar link in an email message" on http://office.microsoft.com/en-us/outlook-help/create-an-add-to-calendar-link-in-an-email-message-HA102114161.aspx?CTT=1

3. Await support for S/MIME encrypted meeting invitations in Microsoft Outlook. See also "Overview of certificates and cryptographic e-mail messaging in Outlook" on http://office.microsoft.com/en-us/outlook-help/overview-of-certificates-and-cryptographic-e-mail-messaging-in-outlook-HP001230534.aspx?CTT=1

 

 


Applies To

MS Outlook 2003 / 2007 / 2010

PGP Universal Server that handles e-mail and encrypts these meeting invitations with S/MIME