Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: SMTP Encryption (S/MIME) for Outlook question
From: Lionel Ferette <lionel.ferette () belnet be>
Date: Wed, 31 Mar 2004 08:24:30 +0200

Hash: SHA1

In the wise words of Crist J. Clark, on Wednesday 31 March 2004 03:39:

[SNIP pertinent comments]
Not much to add to the S/MIME part: while email clients are generally 
rather user-friendly, the casual user will get lost as soon as you 
mention "X.509", "public key" or "private key". And managing CRL's is 
no piece of cake either.

To encypt the individual messages? You need, or maybe the people
laying this on you, need to think about this a bit more. For good
encryption you need two things: an eavsedropper cannot easily recover
the clear text and (people sometimes forget this part) the recipient
CAN easily recover the plain text.
Often you'll need one more thing: the ability for management to recover 
the plaintext of an encrypted message. Key escrow, in a word. I don't 
want to start an argument about whether it's a good idea or not, but 
face it, it's a requirement in most medium to large companies.

[SNIP other pertinent comments]



- -- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin

Lionel Ferette
BELNET CERT Coordinator

Rue de la Science 4                 Tel: +32 2 7903333
1000 Brussels                       Fax: +32 2 7903335
Belgium                             PGP Key Id: 0x5662FD4B
Version: GnuPG v1.2.3 (GNU/Linux)


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]