Could you provide me with more detail on how secure reply and forwarding work within CRES? It look as though the message is being stored within CRES somehow. I assumed that with CRES the actual message is never sent to CRES, but only the keys were. Is there a more technical detail on exactly how CRES works then what is in the User or Advncaed Guide for email security?
True, when a recipient of the secure message does a reply/reply all/forward of the secure message this is composed via a web applet over https and message is sent to CRES server which transmits this message to the sender/recipient of the message.
So, simple answer for secure replies and forward this is sent by the CRES server. One reason I see behind this, there is no way to rely on end user/recipient's hostmachine or network could provide a way to encrypt the message and deliver the message to intended recipient securely.
More information is available on the support portal CRES documentation.
With Secure replies and Secure Forward message is transmitted from the host machine to CRES server's over HTTPS and from there message is delivered via PXE encrypted envelope to your internal user or you could opt for secure replies via TLS which would mean connection between CRES and your MTA (IronPort ESA) will be TLS encrypted and message is sent in plaintext through secure channel.