Educause Security Discussion mailing list archives
Re: Encrypted email
From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 19 Mar 2008 09:32:39 -0500
Perhaps a better place to start would be to define what the goals are.Clientless encryption is impossible if the goal is end-user to end-user encryption. Even Hushmail fell into this trap when they offered a clientless way for users to access their mail. They didn't make it clear to users that any time the server is involved with the decryption process, it means that your mail can be decrypted if there is a subpoena or a server is compromised.
But if the goal is to provide a way for users to securely send sensitive data to any other email recipient, then it appears that a Voltage-type system would be very useful. However, I wouldn't necessarily call it encryption.
Jesse Thompson University of Wisconsin-Madison (email services) Mike Wiseman wrote:
Heather,I would be interested to hear about your experience with the Voltage product, (called SecureMail?). My institution does not currently support central email encryption but we’re running POC testing of X.509 certs, cryptographic smartcards – S/MIME is one of the areas of interest. But SecureMail looks interesting: clientless encryption, decryption authenticated using central authentication system, no user certs or keys to distribute/manage...MikeMike Wiseman Computing and Networking Services University of TorontoFor all of you out there handling HIPAA-protected email and other restricted information -Do you use an email encryption service or application? Stanford University uses Voltage (http://www.voltage.com), and we're starting a process to review the service overall to determine if this is still the right solution for us today. What's worked (or not worked) for you?Thanks! Heather Flanagan Director, System Administration heatherf () stanford edu <mailto:heatherf () stanford edu>
-- Jesse Thompson Email/IM: jesse.thompson () doit wisc edu
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Encrypted email Heather Flanagan (Mar 18)
- <Possible follow-ups>
- Re: Encrypted email Mike Wiseman (Mar 18)
- Re: Encrypted email Jesse Thompson (Mar 19)
- Re: Encrypted email Jesse Thompson (Mar 19)
- Re: Encrypted email Mike Wiseman (Mar 19)
- Re: Encrypted email Heather Flanagan (Mar 19)
- Re: Encrypted email Matthew Gracie (Mar 20)
- Re: Encrypted email Jesse Thompson (Mar 21)
- Re: Encrypted email Jesse Thompson (Mar 21)