Re: sending secure docs using imap??

From: Nick Austin (w948293_nntp_at_digitalpipe.net)
Date: 07/27/03


Date: Sun, 27 Jul 2003 13:52:58 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 17 Jul 2003 18:08:42 +0000, Dimitri Maziuk wrote:

> Johan Mellberg sez:
>> "DukeNM" <tridentadm@netscape.net> wrote in message
>> news:6b07a80.0307162306.3d3ce74e@posting.google.com...
<..snip..>
> The advantage here is that users only need to tell their mail client to
> accept server certificate. They don't have to buy/install PGP etc.
<..snip..>

While I do agree that it is easier to just go with an encrypted transport
for receiving mail, I also think that in reality it does not buy you very
much extra security.

If these documents are truly sensitive, then you need to use some form of
end to end encryption. If you fail to employ a solution that encrypts the
document before you send it, then you have a plain text version of the
document sitting in the spool on the mail server, and in the received mail
folders on your mail client.

Also, a solution that relies on transport layer encryption suffers from the
fact that man-in-the-middle attacks can be used by an adversary that has
the ability to intercept the protocol and change it (if the end user does
not pay attention to the warnings that their mail client may generate).

Good Luck
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/JDuZHmiYOiU4APYRAmv0AKC9iWMNqqdvOZJJUz3+h6eKG5HXWQCgzt+R
KX/HhRa19hBj4fc7vqHwFBQ=
=R9hy
-----END PGP SIGNATURE-----
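
The man-in-the-middle point above depends on whether the mail client fails closed when the server certificate does not validate. The following is an added example, not part of the original post: a Python IMAPS client setup that audits its TLS settings and refuses to connect with a context that accepts any certificate. The function names are hypothetical; it covers only the transport and does nothing about plain text left in the spool or mail folders.

```python
import imaplib
import ssl


def strict_context():
    """Client context that fails closed: CA-validated chain plus hostname match."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def accept_anything_context():
    """Programmatic equivalent of a user clicking through every certificate warning."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be disabled before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx):
    """Return the reasons this context would let an interceptor pose as the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate name is not checked against the host")
    return findings


def connect_imaps(host, ctx, port=993):
    """Open IMAP over TLS only if the context passes the audit (no network I/O otherwise)."""
    problems = audit(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    # With a strict context, a forged certificate makes the handshake raise
    # ssl.SSLCertVerificationError instead of showing a dismissible warning.
    return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)


if __name__ == "__main__":
    for name, ctx in (("strict", strict_context()), ("accept-anything", accept_anything_context())):
        print(name, "->", audit(ctx) or "ok")
```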