06-10-2013 05:10 AM
I have few questions regarding the BCE configuration for CRES (i.e. BCE XML Config file) which I hope someone can help me with:
1) In BCE XML Configuration, under <external> element, there are <secure> and <unsecure> subelements which identify the Cisco RES service URL with HTTPS or HTTP. Under what considitions is HTTP (unsecure) used to access the key server? If I definitely do not wish to allow that, should I remove the <unsecure> element (or set to an invalid URL)?
2) Under <address> element, there is an email address for forwarding teh messages for mobile users. If my receipients are using BCE native app, they should be able to access the CRES service, obtain a key, and decrypt the incoming messages without any need for forwarding the encrypted mesasges to Cisco. Is this correct? If so, could I null the email address to avoid confusing the mobile users?
3) Under the <alborithms> element, there are number of options for defining sifferent encryption/hashing algs. I'm assuming that these are only relevent to the option of BCE performing the encription. But if I use "flag" option, the encryption is done by IronPort and no need for these algorithms on BCE side (and therefore no coordincation is needed between setting of these algs and IronPort encryption profile), Is this a fair assumption?
Regards.
06-14-2013 10:53 AM
Hi John,
1) You can comment out the line:
by replacing it with:
and the secure URL will only be used
2) I believe you could comment this line out as well in the configuration you describe
3) You are correct, if using the Flag encryption option these settings are not used. This is only used when using the desktop encryption feature.
Regards,
Steve
Content Security Technical Services - RTP, NC
Cisco Customer Interaction: 1-800-553-2447
06-14-2013 07:49 PM
Thanks Steve.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide