Re: Confidentiality of email

From: Imhotep (NoSpam_at_NoThanks.com)
Date: 06/29/05 

Date: Wed, 29 Jun 2005 01:26:57 -0700

Roger Abell wrote:

>
> "Imhotep" <NoSpam@NoThanks.com> wrote in message
> news:KL1we.5162$8o.4191@fed1read03...
>> Roger Abell wrote:
>>
>> > "Imhotep" <NoSpam@NoThanks.com> wrote in message
>> > news:dKYve.5127$8o.1822@fed1read03...
>> >> Roger Abell wrote:
>> >>
>> >> > "To the OP I would suggest looking at PGP or SMIME if you
>> >> > need to send sensitive information through email."
>> >> >
>> >> > Correct me if I am mistaken, but PGP can be used to guarantee
>> >> > origin of an email, but as it uses signing with the private key an
>> >> > decrypting with the public, it certainly could not be used in this
>> >> > case to guarantee information privacy !!
>> >> >
>> >>
>> >> ...And why do you make this assumption? Let us review the facts.
>> >>
>> >
>> > I made an assumption ??? Pray tell.
>>
>> You seem to be suggesting that PGP can not be used for encryption...
>>
>
> Why would I have mentioned keys ?
>
> I swear, you seem to have difficulty reading.
>
> You stated without qualification that the OP should just use PGP.

I qoute myself form the original quote I sent to the OP:

"To the OP I would suggest looking at PGP or SMIME if you need to send
sensitive information through email. If you have a Email gateway (using
sendmail or a derivative) you could go with an email gateway to email
gateway encryption. It is pretty easy to configure too..."

I did not say he "should just use PGP". In fact I listed 3 possible
solutions:
1) PGP
2) SMIME
3) SMTP Gateway to SMTP Gateway encryption (The solution I use. It is the
best as users do not even have to know that their emails are being
encrypted in transit. And it is free to boot!)

So who really has problems reading here? Evidently you should slow the
pointing of that hypocritical finger of yours...and read first.

> I saw need to qualify as in one common form of use this would
> only provide for message integrity, not privacy.

In fact PGP can do both. Do you disagree?

> In this public space it is IMO necessary that one attempt to not
> be ambiguous. Even if the OP could see past the unstated need
> for private exchange of the public key with the (county) intended
> recipient, it is unsafe to assume that the next googler will.
>

I would assume that some googler would review the technology before
implementation. How to exchange keys. Should a public key server be used.
Etc, Etc...

After all we are not here to hold hands but help suggest possible solutions.
Which I did. If someone needed more detailed info they can just post the
question...

-Im

Relevant Pages

  • Re: Old VPC updates posted
    ... I have posted my PGP keys and created detached signatures for all the ... the signatures have downloaded with the .SIG extension ...
    (microsoft.public.mac.virtualpc)
  • Re: Hack PGP on xasamail.com
    ... > couldn't be copied by the backup system. ... > left with a few PGP files without any keys. ... > around on the net and I have the password to the secret file but ...
    (Security-Basics)
  • Re: which mail client can be integrate with PGP?
    ... I m using linux to add pgp keys after created RSA keys using ... 1990-96 Philip Zimmermann, Phil's Pretty Good Software. ...
    (comp.unix.bsd.freebsd.misc)
  • RE: Hack PGP
    ... I think he said NASA computers because of the supercomputing mainframes ... Asunto: Re: Hack PGP ... keys, just kidding, the fact is that if I were to avoid trust someone, I ...
    (Security-Basics)
  • Re: Small office Firewall.
    ... to Phil Zimmerman and was the original way PGP was implemented and Phil took ... PGP was first, GNU's GPG was subsequent: ... NSA Alternatives (applies to symmetric and special keys only: ... Alice verifies that Bob is Bob and that you are you. ...
    (Security-Basics)