Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Email signing and encryption
From: David Seidl <dseidl () ND EDU>
Date: Thu, 23 Aug 2007 11:25:43 -0400

I'll note that a number of us on the list are Thawte notaries, and if
you're ever in our neck of the woods, we'd be glad to notarize you.

When I was working for Purdue we had a few public notarization parties,
resulting in a reasonable rate of adoption of digital signatures on
campus. We also were able to bootstrap a number of notaries, which
basically created a self sustaining Thawte Web of Trust notary group.
While it isn't a substitute for an internal PKI, it did provide a usable
digital signature capability that was recognized by most of the
technical staff on campus.

You will want to get ahead of the curve with a campus encryption
standard for key escrow before suggesting use of certificates for email
encryption rather than signatures - having an employee leave and needing
access to encrypted email can become a real issue if the email is stored
encrypted.

David
------------------------------------------------------------
David Seidl, CISSP
University of Notre Dame, Office of Information Technologies


Ken Layng wrote:
Many here at Penn State are using the free certs from Thawte. Bear in
mind the pros and cons of this approach. On the plus side, they're free,
and an internal PKI is not necessary, and the data is more private.
However, if certs are ever corrupted or lost, and a backup is not
available, it means total loss of the encrypted data. Also, many
institutions prefer to have control over the issuing of these
certificates.  This affords the ability to store the keys and therefore
help users recover from the lost key scenario mentioned above. However,
this presents exposure from the privacy side.  Finally, Thawte uses a
"Web of Trust". This approach trusts the user community to assert the
validity of individuals' identities.  Doing so increases the possibility
that a few rogue notaries could create false identities. An internal PKI
lets you control the process of assertions.

Ken Layng
Penn State


Gudena, Chandragupta wrote:
Email signing and encryption

Hi,

Is anyone using GnuPG (Gnu Privacy Guard) or PGP for digital signing
and email encryption purposes? If not are there any other solutions
that are being used? I would like to know your experience/ suggestions .

Thanks.

Chandragupta




-------------------------

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal,
li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt;
font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link,
span.MsoHyperlink {mso-style-priority:99; color:blue;
text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99; color:purple; text-decoration:underline;}
span.EmailStyle17 {mso-style-type:personal-compose;
font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault
{mso-style-type:export-only;} @page Section1 {size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -->

Hi,

Is anyone using GnuPG (Gnu Privacy Guard) or PGP for digital signing and
email encryption purposes? If not are there any other solutions that are
being used? I would like to know your experience/ suggestions .

Thanks.

Chandragupta




Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault