No one can build his security upon the nobleness of another person.
Public-key infrastructure (PKI) is not new to Microsoft Exchange, or to Microsoft networking for that matter. When Microsoft Exchange 4 shipped, it included the first version of the Key Management Service (KMS), although over time the role and functionality of KMS have changed somewhat. When KMS was first introduced with Exchange, it was an all-inclusive certificate authority (CA) that limited you to a single CA server within the Exchange organization. This configuration worked well, but it had some obvious scalability and administration limitations.
Over the years, the need for security has increased, as has the need to support more complicated administrative models. The increased use of the Internet as a transport mechanism for business-critical messages has led to an increased demand for the ability to protect messages from eavesdropping or alteration. It’s relatively simple to provide this protection for users in the same Exchange organization; it’s more complex, but still possible, to do so for interorganization mail.
You might want to refer back to Chapter 2, “Security Protocols and Algorithms,” and Chapter 3, “Windows and Exchange Security Architecture,” for a refresher on basic PKI concepts and algorithms.