Difference between revisions of "Regimail"

From regify WIKI
Line 62: Line 62:
  
 
=== Why don't you support SSO solutions? ===
 
=== Why don't you support SSO solutions? ===
Single Sign On (SSO) allows people to login on websites using a small set of general credentials. The aim is to reduce the need for many passwords and reduce the number of authentication procedures a user has to complete.
+
Single Sign On (SSO) allows people to login on websites using a small set of general credentials. The aim is to reduce the need for many passwords and reduce the number of authentication procedures a user has to complete. Sometimes we get asked, why we do not support such SSO solutions like oAuth, OpenID and others.
  
'''The short answer:''' It is because SSO solutions do not fit to the regify infrastructure.
+
'''The short answer:''' It is because SSO solutions do not fit to the regify infrastructure and security concept.
  
 
'''The long answer:'''
 
'''The long answer:'''
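Review bot: In the added sentence of the SSO introduction, "such SSO solutions like oAuth, OpenID and others" should read "SSO solutions such as OAuth, OpenID and others", and the comma after "asked" should go. The short answer now cites the "security concept", so the long answer should say which part of that concept SSO conflicts with.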
Line 78: Line 78:
 
In theory, the <span style="color: green;">green line</span> would work in a similar way to the standard SSO scenario above. Sadly, this is not sufficient.
 
In theory, the <span style="color: green;">green line</span> would work in a similar way to the standard SSO scenario above. Sadly, this is not sufficient.
  
The <span style="color: orange;">orange lines</span> showing critical authentications. For this, the regify provider needs to authenticate the user inside of the regify protocols. They need e-mail address and password. If we would replace using SSO, we would have to do the complete SSO process at every time. This would force the user to enter his credentials each time he uses regify client software.
+
The <span style="color: orange;">orange lines</span> showing critical authentications. For this, the regify provider needs to authenticate the user inside of the encrypted regify protocols. They need e-mail address and password. If we would replace using SSO, we would have to do the complete SSO process at every time. This would force the user to enter his credentials each time he uses regify client software. And on mobile devices this is a pain (especially with slow connectivity).
  
The <span style="color: red;">red line</span> shows communication between the PLS (Provider Lookup Service) and the regify provider. This is fully automated during PLS calls of the clients and this needs authentication using user credentials, too. As there is not way to do this using SSO, this is functionality that will never work. PLS is needed for every initial installation of regify client software and enables the process to identify the regify provider the user has signed up and automates customization.
+
The <span style="color: red;">red line</span> shows communication between the PLS (Provider Lookup Service) and the regify provider. This is fully automated during PLS calls of the clients and this needs authentication using user credentials, too. The main aim is to prevent misuse. As there is no way to do this using SSO, this is functionality that will never work. The PLS is needed for every initial installation of regify client software and enables the process to identify the regify provider the user has signed up and automates customization.
  
A possible solution is to synchronize the regify password with the other SSO passwords. This may be done with automated scripts using our regify provider SDK (software development kit).
+
A possible solution to ease password handling for the user is to synchronize the regify password with the other SSO passwords. This may be done with automated scripts using our regify provider SDK (software development kit).
  
 
== Additional WEB-Portal questions ==
 
== Additional WEB-Portal questions ==
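Review bot: In the red-line paragraph, the added sentence "The main aim is to prevent misuse." sits between "this needs authentication using user credentials, too" and "As there is no way to do this using SSO", so "this" now reads as referring to preventing misuse rather than to authenticating the automated PLS call. Suggest folding the purpose into the preceding sentence ("... needs authentication using user credentials, too, in order to prevent misuse."). In the orange-line paragraph the first sentence still lacks a verb ("The orange lines showing critical authentications"), and the added closing sentence begins with "And".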

Revision as of 09:38, 20 January 2016

You can find the answers to the most common and frequently asked questions (FAQ) on the website of regify.


Additional General FAQ

Why do I need to sign up a regify account in order to receive regimails (regipay)?

Because we want to offer the decrypted content only to the addressee. Thus, we need to make sure that the person who opens a regify message is the addressee. We only know about the person if he registered a regify account. If we did not verify the account, either no one or everyone would be able to open the message. Neither is the intention of secure communication.

Isn't there a way to do some action on the recipient side without installing some software?

As long as no regify software is installed on the recipient's machine (PC or mobile), the operating system does not know about regify or the file extension RGF. Thus, it will display a message saying that it does not know how to handle the file. The operating system is developed by Microsoft or Apple and therefore we have no chance to change the way this is handled.

  • There is also no magical way to automatically forward the attached file to some website. If this were possible, every virus developer would be very happy.
  • There is also no way to send the encrypted message as an executable file, as all executable files are blocked by operating systems and e-mail clients for security reasons.
  • We cannot make the operating system decrypt regify messages without installing any regify software because the operating system does not know regify technology, algorithms and file formats.

Why don't you ask Microsoft/Apple to integrate regify?

To date, Microsoft has not added any third party software to Windows. Adobe asked to include Acrobat Reader for PDF, but they refused. There is no chance to convince Microsoft to include regify software in Windows by default. The same goes for Apple.

I changed my regify account password. Why do I need to re-enter it in the clients?

The regify account is handled in the web portal of your regify provider. Your locally installed software logs in to the regify provider each time it wants to send or open a regify message. For this, the locally installed software needs to know the new password. Otherwise, the regify provider does not know if you are the right person. Thus, you also need to update the password in all locally installed software. This also allows you to lock out any thieves who may have stolen your device. Simply change the password of your regify account and they can no longer read any regify messages on your device. Hint: Quickly change your e-mail account passwords, too.

My Anti-Virus scanner detected regify software as virus/trojan!

This is a false positive. Today's virus scanners use many methods to identify problematic code and sadly sometimes they simply fail. In the past, anti-virus scanners have detected even popular software like Google Chrome as a virus. If we are notified of such a false positive, we try to report it to the anti-virus vendor as fast as possible.

Why don't you stop or prevent such false positives?

Because no one is aware of them. Each time an anti-virus vendor updates its software, it might happen that one of the million rules accidentally matches the regify software. There is no way to work around that. The regify software connects to the internet and accesses the file system and therefore, there is always a risk of being the target of a false positive.

Additional Mobile App FAQ

Why does the e-mail app xyz not open RGF files?

We tell the operating system to open RGF files with the regify client app. Sadly, some vendors of other e-mail client apps (e.g. Gmail) do not follow the operating system guides for handling attachments and file types. If the e-mail client software simply ignores the file types registered in the operating system, it will not know how to open an RGF file.

Why don't you fix this?

Because we cannot fix software written by other developers. We can neither fix the behaviour of the operating systems nor the behaviour and functionality of any other third party software.

And why don't you ask the vendor to fix this?

We did, but we do not even get answers (e.g. Google, XING).

Why is there no "Send regify" or "Answer with regify" button in my e-mail app?

Because we cannot change or enhance software written by other developers. Especially if the end-user installed an alternative e-mail client (K9, Aqua Mail etc.), we have no chance to integrate regify functionality there.

More details on Android: Some e-mail apps allow extensions, but sadly most mobile device vendors change the operating system's default e-mail app (e.g. Samsung, Huawei, ...). Thus, even such an extension would be useless on many mobile devices.

More details on iOS: Apple does not offer any way for extending the default e-mail app.

I have connectivity issues if not connected to WLAN. Why don't you fix this?

If your device has problems reaching the internet, regify cannot help you, as you have to solve this by checking your mobile plan, device settings, roaming capabilities etc. Sadly, missing internet connectivity cannot be solved by regify software.

Additional Desktop Client FAQ

Why do I need to install software?

Please read the answer to the question above "Isn't there a way to do some action on the recipient side without installing some software?".

Why do I need administrator rights to install the regify client?

We would like to install the Outlook AddIn, too. Sadly, Microsoft decided not to allow the installation of AddIns without Administrator rights. The same applies to Thunderbird. As most people are using one of the two, we need Administrator rights by default.

Why do I need to say "yes" or "continue" that often if I start the regify client setup after downloading?

Because many viruses are downloaded from the internet. The Operating System wants to make sure that you are aware of the risk and asks you several times about your decision to open this file.

Why don't you turn off these questions?

Because we cannot change the way Microsoft (IE), Mozilla (Firefox), Google (Chrome) or Apple (Safari) developed their operating systems and web browsers. If there were a way to easily work around these dialogues, every developer of viruses would do the same, right?

Why don't you support SSO solutions?

Single Sign On (SSO) allows people to log in to websites using a small set of general credentials. The aim is to reduce the need for many passwords and reduce the number of authentication procedures a user has to complete. Sometimes we get asked why we do not support SSO solutions such as OAuth, OpenID and others.

The short answer: It is because SSO solutions do not fit the regify infrastructure and security concept.

The long answer:

This is how SSO works in general:

Sso general.png

This is the environment that regify needs:

Sso regify.png

In theory, the green line would work in a similar way to the standard SSO scenario above. Sadly, this is not sufficient.

The orange lines show critical authentications. For these, the regify provider needs to authenticate the user inside of the encrypted regify protocols. They need e-mail address and password. If we replaced this with SSO, we would have to run the complete SSO process every time. This would force the user to enter his credentials each time he uses regify client software. On mobile devices this is a pain (especially with slow connectivity).

The red line shows communication between the PLS (Provider Lookup Service) and the regify provider. This is fully automated during PLS calls of the clients and this needs authentication using user credentials, too. The main aim is to prevent misuse. As there is no way to do this using SSO, this is functionality that will never work. The PLS is needed for every initial installation of regify client software; it enables the process to identify the regify provider the user has signed up with and automates customization.

A possible solution to ease password handling for the user is to synchronize the regify password with the other SSO passwords. This may be done with automated scripts using our regify provider SDK (software development kit).

Additional WEB-Portal questions

Why is it so complicated to open an RGF file on the portal?

We at regify want you to be protected against security risks. Thus, we decided to send the regify messages end-to-end encrypted. By following this principle, we encrypt the message on the device of the sender. Upon this, the encrypted message (RGF file) is sent directly to the recipient. It is not transported by any regify infrastructure. It is sent using your e-mail account directly to the addressee. The addressee receives the message in his inbox. There is no copy of the message on a regify web-server. Opening the RGF file using an installed regify software/app is easy (double click). But using the regify web portal is more complicated because the web portal does not own your RGF file. You first have to upload the RGF file to the web portal in order to ask it for opening.

Why don't you make it easier?

The behaviour you are experiencing is how Microsoft/Apple designed it. We tried to make our portal as easy as possible by allowing Drag&Drop and writing some help text, but the need for uploading is still there.

Why can't I use Drag&Drop for uploading?

Because you may be using Outlook as your e-mail client. Microsoft does not support Drag&Drop of attachments to a web-browser (even IE). Mozilla Thunderbird, Lotus Notes and many other e-mail clients support this, but sadly not Outlook.

Why don't you make the e-mail such that it uploads automatically?

We can't do this because we cannot change the way third party software (e.g. Outlook) handles e-mails. Many options are simply blocked for security reasons. Others do not work on all e-mail clients. We do not see a way to change this behaviour.

Why don't you send the password directly in the e-mail?

Some people complain that the registration process is somewhat cumbersome. The password is only shown after clicking the activation link in the activation e-mail and, depending on the regify provider, a code received by SMS (mobile text message) must be entered as well. Please understand that an ordinary e-mail is like a postcard. Everybody that handles the message is able to read the content: your e-mail provider, the e-mail server administrators and possibly any other party accessing the cables...

Showing the password in the web-browser with online-banking grade encryption is much more secure and respects your privacy. And, together with SMS, you can even fight people who are clever enough to intercept your e-mails and click on the contained link for you.

Consider what happens if we don't protect you like this: Every computer magazine would call us the most insecure system...
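The two-channel release described in this answer, as an added example (not regify code): the initial password is shown only when the e-mailed link token and the SMS code are presented together. The class name, token sizes and attempt limit are assumptions.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumed limit, not a regify value


class PendingActivation:
    """One sign-up whose initial password is released at most once."""

    def __init__(self):
        self.link_token = secrets.token_urlsafe(32)        # travels by e-mail
        self.sms_code = f"{secrets.randbelow(10**6):06d}"  # travels by SMS
        self._password = secrets.token_urlsafe(12)         # never e-mailed
        self._failed = 0
        self._revealed = False

    def reveal_password(self, link_token, sms_code):
        """Return the password for display over HTTPS, or None on refusal."""
        if self._revealed or self._failed >= MAX_ATTEMPTS:
            return None
        # Constant-time comparison of both secrets; both must match.
        link_ok = hmac.compare_digest(link_token.encode(),
                                      self.link_token.encode())
        code_ok = hmac.compare_digest(sms_code.encode(),
                                      self.sms_code.encode())
        if not (link_ok and code_ok):
            self._failed += 1
            return None
        self._revealed = True
        return self._password


def demo():
    """Constructed scenario: an e-mail interceptor versus the addressee."""
    act = PendingActivation()
    # The interceptor read the activation e-mail but never saw the SMS.
    guess = "000000" if act.sms_code != "000000" else "111111"
    interceptor = act.reveal_password(act.link_token, guess)
    # The addressee holds both the e-mailed link and the phone.
    owner = act.reveal_password(act.link_token, act.sms_code)
    # The link is single-use: replaying it later yields nothing.
    replay = act.reveal_password(act.link_token, act.sms_code)
    return interceptor, owner, replay
```
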

I don't like the design/colours/dialogues

We know as many opinions on this issue as we have people in the room. The current regify portal is the result of 7 years of a growing product that only started with registered e-mail. Today, the same portal structure handles more than 5 products and a lot of new functionalities and settings. We realized the problem in 2013/2014 and the regify provider V4 is now offering a complete redesign of the whole user interface. It is less complicated, more lightweight, modern and showing the most used functions on prominent positions.

Why is the upload size for RGF files limited to 8MB?

Because many people do not have a fast internet connection. If it takes more than 2 minutes to upload, the webserver or even the web-browser will show you a timeout. The regify provider V4 is able to work around these issues and offers upload for even bigger files.