Security Basics mailing list archives

FW: Email Encryption Between Servers

From: check <check () wescom org>
Date: Wed, 2 Apr 2003 09:19:26 -0800




-----Original Message-----
From: Michael Osten [mailto:mosten () bleepyou com] 
Sent: Tuesday, April 01, 2003 4:53 PM
To: security-basics () securityfocus com
Subject: RE: Email Encryption Between Servers

On Tue, 2003-04-01 at 11:27, Robinson, Sonja wrote:

We evaluated three enterprise solutions and bid them out.  I believe that
once e-mail leaves your network using exchange it is automatically sent
clear text, hence the need for encryption.  I am not an exchange
administrator so...  And if you are sending PHI or GLBA I would send in no
less then 128-bit anyway.  

There are a number of issues you need to think of when evaluating

encryption

including, logging/reporting, forensics & investigations, ease of use for
users, ease of administration, key exchanges, can I force my business
partners to buy the same product/hardware/service, send to anyone
capability, what constitutes due diligence, cost, etc.  

I am not endorsing any one vendor and these are not necessarily the

opinions

of my employer and should not be construed as such.

 


I'm pretty sure that Exchange (I know Sendmail/Postfix/Qmail/Exim do)
support StartTLS?  

The benefit of StartTLS is that it is free (other than the cert), open
standards, and will automatically encrypt communications between any
other mail sever running StartTLS (not just your partners).

---------------------------
Michael Osten

http://lists.netsys.com/pipermail/full-disclosure/2003-February/008369.html
When caught, McWilliams was seen at his
computer finishing a non fictional piece titled "Art
of Deception to the 100th Power. Pi don't equal Pie
Bitch."


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics


**********************************************************************
This email and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity to 
whom they are addressed.  If you have received this email 
in error, please delete it immediately and advise the sender.
WESCOM CREDIT UNION (626) 535-1000
**********************************************************************


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics

Current thread:

RE: Email Encryption Between Servers, (continued)
- - RE: Email Encryption Between Servers Dr. S. A. Vetha Manickam (Apr 02)
  - RE: Email Encryption Between Servers White-Tiger (Apr 02)
- StartTLS (was: Email Encryption Between Servers) Bear Giles (Apr 03)
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 01)
  - RE: Email Encryption Between Servers Michael Osten (Apr 02)
- RE: Email Encryption Between Servers Garbrecht, Frederick (Apr 01)
  - RE: Email Encryption Between Servers PWBakker (Apr 02)
- Re: Email Encryption Between Servers Chris Berry (Apr 01)
- RE: Email Encryption Between Servers Craig Humphrey (Apr 02)
  - RE: Email Encryption Between Servers Michael Leigh (Apr 02)
- FW: Email Encryption Between Servers check (Apr 02)
- RE: Email Encryption Between Servers Robinson, Sonja (Apr 04)
  - RE: Email Encryption Between Servers dave (Apr 07)
- RE: Email Encryption Between Servers Brent Woodard (Apr 07)