CRES and BCE XML Configuration

johnsmith1000 · ‎06-10-2013

I have few questions regarding the BCE configuration for CRES (i.e. BCE XML Config file) which I hope someone can help me with:

1) In BCE XML Configuration, under <external> element, there are <secure> and <unsecure> subelements which identify the Cisco RES service URL with HTTPS or HTTP. Under what considitions is HTTP (unsecure) used to access the key server? If I definitely do not wish to allow that, should I remove the <unsecure> element (or set to an invalid URL)?

2) Under <address> element, there is an email address for forwarding teh messages for mobile users. If my receipients are using BCE native app, they should be able to access the CRES service, obtain a key, and decrypt the incoming messages without any need for forwarding the encrypted mesasges to Cisco. Is this correct? If so, could I null the email address to avoid confusing the mobile users?

3) Under the <alborithms> element, there are number of options for defining sifferent encryption/hashing algs. I'm assuming that these are only relevent to the option of BCE performing the encription. But if I use "flag" option, the encryption is done by IronPort and no need for these algorithms on BCE side (and therefore no coordincation is needed between setting of these algs and IronPort encryption profile), Is this a fair assumption?

Regards.

srussell · ‎06-14-2013

Hi John,

1) You can comment out the line:

http://res.cisco.com

by replacing it with:

and the secure URL will only be used

2) I believe you could comment this line out as well in the configuration you describe

3) You are correct, if using the Flag encryption option these settings are not used. This is only used when using the desktop encryption feature.

Regards,

Steve

Content Security Technical Services - RTP, NC

Cisco Customer Interaction: 1-800-553-2447

johnsmith1000 · ‎06-14-2013

Thanks Steve.