Re: Purchases

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: [Dailydave] Purchases

> You know what would be a good purchase by Microsoft? PGP. There's really
no easier way 
> to do email encryption. I think the genius is that it's P2P rather than
set up by some 
> corporate IT center. MS should build it into their solutions so everyone
can use it - 
> and as a side benefit, it'd cripple the spammers.

P2P encryption creates some serious problems for med/large companies, enough
so as to actually keep companies from purchasing or even deploying it
widely.  Here's why:

1. Point-to-point encryption undoes all of the expensive, scalable security
that companies have deployed in their server rooms.  No more ClamAV/Sendmail
proxy or NAV on the Exchange server.  No more Postini or MXLogic.  No more
Ciphertrust or Tumbleweed.  They'd be reduced to expensive points of
failure.

2. It also prevents compliance monitoring.  HIPAA, GLB, and other laws and
regulations require that companies take measures to prevent disclosure of
certain types of information.  Encrypted e-mail that cannot be monitored by
the company is a big fiscal and PR (which is again fiscal) risk.

3. It won't stop spam.  In order for P2P email encryption to actually stop
spam, the end user must know who they will communicate with via e-mail.  For
many employees this impossible by definition.  If some random person can
retrieve your public key and send you a message and you can retrieve their
public key and decrypt their message without any heavy lifting, then there's
nothing to prevent spam.  Or viruses and malware.  Which now have a
bulletproof means of making it to the target's inbox.

PaulM


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave