Unencrypted messages can be hijacked in transit and read or altered．If the mail is not digitally signed，you can't be sure where it came from．

    未加密的信息可能在傳輸中被截獲
、偷看或竄改。如果郵件不是數字簽名的，你就不能肯定郵件是從哪裏來的。
 
    There are many options for securing e-mail，all with a few strengths and probably more weaknesses．

    確保電子郵件的安全有多種選擇，它們都有些長處，但有可能存在更多弱點。

    Let's take care of the easy decisions．Secure/Multipurpose Internet Mail Extensions(S/MIME)should be the message encryption and digital signature format because it's the accepted standard and is built into leading e-mail clients such as Microsoft Outlook 98/2000 and Lotus Notes R5．Yet a standard such as S/MIME only takes you so far．Each vendor has implemented its own interpretation of S/MIME，which makes interoperability problematic．This drawback is exacerbated by the emergence of S/MIME Version 3 in the newest e-mail clients，which again could create interoperability issues．

    讓我們先關注一下容易做的決定，安全/多用途因特網郵件擴展(S/MIME)應該是信息加密和數字簽名的格式，因為它是已被認可的標準，被做進了主要的電子郵件客戶端軟件中
，如微軟的Outlook 98/2000和蓮花公司的Notes R5。迄今為止，你隻能用S/MIME一類的標準。每家供應商都有自己對S/MIME的解釋，這就引出 了互用性問題，最新的電子郵件客戶端軟件中S/MIME三版的出現

，加重了這個缺陷，它再次可能帶來互用性問題。

    The path of least resistance is to get an e-mail security gateway
， which is analogous to a firewall for e-mail．Every message going in or out pases through the gateway
，allowing security policies to be enforced (where and when messages can be sent)，virus checking to be performed，and messages to be signed and encrypted． One drawback of the gateway approach is that it doesn't provide user-based security．For example，the gateway encrypts outbound messages so recipients can verify they came from your company

，but recipients can't prove from whom they came．

    阻力最小的道路就是采用電子郵件安全網關，它相當於電子郵件的防火牆。進出的每一條信息都要經過網關，網關可以實施安全政策(信息在何 時向何地發送)
、執行病毒檢查並給信息簽名和加密。這種網關方法的一個缺陷就是它不 能提供基於用戶的安全性。例如
，網關對向外發的信息進行加密，因而接收方能驗證它 們來自你的公司，但接收方不能證明它們來自哪個人。

    Client-based methods use your private key to sign messages(proving it came from you)，which is a more granular level of security，but they have weaknesses as well．They need to be configured on each desktop
，which includes issuing a digital certificate to each user (for encryption and digital signature)
，and ensuring that a proper security profile is configured within the e-mail client．

    基於客戶端的方法采用你私人密鑰來簽署信息(證明它出自於你)
，這是更細化的安全等級，但它們也有弱點。它們需要配置到每個桌麵係統
，包括向每個用戶發數字證書(用於加密和數字簽名)
，並確保在每個電子郵件客戶端都配置了合適的安全配置文件。

    There are also a number of Web-based secure mail services that keep all messages within their environment at all times to ensure security．You use a secure site on the Internet to compose a message．Once you hit“Send”，the site encrypts and stores the message on its site，and sends the recipient an e-mail notification that a secure message is waiting．The recipient links to the site， provides a shared secret for authentication，and accesses the message via Secure Sockets Layer． Unfortunately
，this method does not work with existing enterprise e-mail systems．

    也有多種基於Web的安全郵件服務
，這些服務在任何時候把所有信息都保持在它們的環境中，以確保安全性。你利用因特網上一個安全網站來 編寫信息
，一旦你點擊了“發送”，wangzhanjiujinxingjiamihebaxinxibaocunzaigaiwangzhanzhong，bingxiangjieshoufangfayifendianziyoujiantongzhi，gaosutayouyifenanquandexinxidengtaqujieshou。jieshoufanglianjiedaogaiwangzhan，tigongyongyurenzhengdegongxiangmimi，tongguoanquanrukouceng(SSL)訪問該信息。可惜，此方法不能與現有的企業電子郵件係統一起工作。

    The stickiest issue is building a directory of digital certificates．This directory holds the certificates needed to encrypt messages to a recipient．Internally，building the directory may not be a big deal because all certificates for a company can be published in a central Lightweight Directory Access Protocol server
，but externally this causes many problems．You will need to establish an agreement with a recipient's organization to ensure access to the right digital certificates．This process， however， creates more user training issues and adds complexity to e-mail communications．

    最zui困kun難nan的de問wen題ti是shi建jian立li數shu字zi證zheng書shu目mu錄lu。此ci目mu錄lu保bao存cun著zhe向xiang一yi名ming接jie收shou人ren發fa的de信xin息xi進jin行xing加jia密mi所suo需xu的de證zheng書shu。從cong內nei部bu講jiang，建jian目mu錄lu可ke能neng不bu是shi件jian大da事shi，因yin為wei一yi家jia公gong司si的de所suo有you證zheng書shu可ke以yi由you中zhong央yang簡jian化hua目mu錄lu訪fang問wen協xie議yi服fu務wu器qi頒ban發fa，但dan從cong外wai部bu講jiang，這zhe會hui引yin起qi很hen多duo問wen題ti。你ni需xu要yao與yu收shou件jian人ren所suo在zai組zu織zhi達da成cheng協xie議yi
，以yi確que保bao訪fang問wen正zheng確que的de數shu字zi證zheng書shu。然ran而er，這zhe個ge過guo程cheng會hui造zao成cheng更geng多duo的de用yong戶hu培pei訓xun問wen題ti以yi及ji增zeng加jia電dian子zi郵you件jian通tong信xin的de複fu雜za性xing。

    Although there is technology available for secure e-mail
， widespread deployment is still problematic． However，as more companies and regular e-mail users see the need to secure their messages，the use of digital certificates will one day become a transparent part of your everyday activities．

    雖sui然ran已yi有you技ji術shu可ke用yong於yu安an全quan的de電dian子zi郵you件jian，但dan廣guang泛fan部bu署shu仍reng是shi個ge問wen題ti。然ran而er
，隨sui著zhe更geng多duo的de公gong司si和he普pu通tong電dian子zi郵you件jian用yong戶hu看kan到dao了le確que保bao其qi信xin息xi安an全quan的de需xu要yao，終zhong 有一天使用數字證書會變得透明


，成為你日常生活的一部分。