mailing list archives
Re: SMTP Encryption (S/MIME) for Outlook question
From: Lionel Ferette <lionel.ferette () belnet be>
Date: Wed, 31 Mar 2004 08:24:30 +0200
-----BEGIN PGP SIGNED MESSAGE-----
In the wise words of Crist J. Clark, on Wednesday 31 March 2004 03:39:
[SNIP pertinent comments]
Not much to add to the S/MIME part: while email clients are generally
rather user-friendly, the casual user will get lost as soon as you
mention "X.509", "public key" or "private key". And managing CRL's is
no piece of cake either.
To encypt the individual messages? You need, or maybe the people
laying this on you, need to think about this a bit more. For good
encryption you need two things: an eavsedropper cannot easily recover
the clear text and (people sometimes forget this part) the recipient
CAN easily recover the plain text.
Often you'll need one more thing: the ability for management to recover
the plaintext of an encrypted message. Key escrow, in a word. I don't
want to start an argument about whether it's a good idea or not, but
face it, it's a requirement in most medium to large companies.
[SNIP other pertinent comments]
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin
BELNET CERT Coordinator
Rue de la Science 4 Tel: +32 2 7903333
1000 Brussels Fax: +32 2 7903335
Belgium PGP Key Id: 0x5662FD4B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.