Educause Security Discussion mailing list archives
Re: Secure Email
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Mon, 4 Oct 2004 14:56:23 -0400
Neal, First let me apologize. My reply to your original message was on the heels of a discussion had with a "web developer" who was arguing they made a "secure web form" because it required a valid campus e-mail address in the "from" field. As a more direct, and useful, answer to your question: while we don't have compliance issues, currently, we have dabbled with a couple different solutions in this space- Some commercial, some not, including Entrust's Secure * Solutions as well as RSA's SecurID/Keon/Federated Identity- Both very interesting products that can go much further than just e-mail and meet or exceed current and expected regulations. End-to-end encryption couple with storage-level security, as noted below, is a great first step, and I believe is an acceptably compliant solution for all current federal regulations, and the more stringent State regulations that I am aware of. On Mon, 2004-10-04 at 13:46, Clonts, Neal D. (HSC) wrote:
We have compliance issues that we are trying to meet. Are we looking for the technical solution that will resolve all of our security issues with e-mail? Probably not... Some of the applications that we have looked at are Sigaba, Zipcorp, Entrust and so on. Right now we are more interested in if anyone is using any type of product for secure email not the technical specifications of what truly is secure e-mail. --------------------------------------------- Neal Clonts, CISSP, MCP Information Security Services University of Oklahoma Health Sciences Center Office Phone: 405-271-2476, Option 2 Cell Phone: 405-255-2999 Website: http://security.ouhsc.edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Keller Sent: Monday, October 04, 2004 11:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Secure Email "Secure e-mail" is a neat myth. I'm assuming you mean end-to-end encryption via SMTPS for sending and IMAPS/POPS for receiving? Please keep in mind that this does nothing for "securing" the mail during storage, nor does it "secure" mail from "non-S" clients that use SMTP or IMAP/POP, and transfer that allegedly secured e-mail over the wire(s) en claire. If you're referring to another mechanism, feel free to elaborate. On Mon, 2004-10-04 at 11:59, Clonts, Neal D. (HSC) wrote:Currently we are looking at a secure email solution for our campus. Does anyone currently use a secure email solution in theirenvironment?Does your campus environment consist of a health science center? --------------------------------------------- Neal Clonts, CISSP, MCP Information Security Services University of Oklahoma Health Sciences Center Office Phone: 405-271-2476, Option 2 Cell Phone: 405-255-2999 Website: http://security.ouhsc.edu ********** Participation and subscription information for this EDUCAUSEDiscussion Group discussion list can be found at http://www.educause.edu/groups/. -- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "No one ever says, 'I can't read that ASCII E-mail you sent me.'" ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
-- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "No one ever says, 'I can't read that ASCII E-mail you sent me.'" ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Secure Email Clonts, Neal D. (HSC) (Oct 04)
- <Possible follow-ups>
- Re: Secure Email Matthew Keller (Oct 04)
- Re: Secure Email Clonts, Neal D. (HSC) (Oct 04)
- Re: Secure Email H. Morrow Long (Oct 04)
- Re: Secure Email Matthew Keller (Oct 04)
- Re: Secure Email Jason Baack (Oct 04)
- Re: Secure Email Jere Retzer (Oct 04)
- Re: Secure Email Jamie A. Stapleton (Oct 04)
- Re: Secure Email Ken Shaurette (Oct 05)
- Re: Secure Email Harold A'Hole (Oct 05)