Re: Email signing and encryption

[David Seidl <dseidl () ND EDU>]

I'll note that a number of us on the list are Thawte notaries, and if
you're ever in our neck of the woods, we'd be glad to notarize you.

When I was working for Purdue we had a few public notarization parties,
resulting in a reasonable rate of adoption of digital signatures on
campus. We also were able to bootstrap a number of notaries, which
basically created a self sustaining Thawte Web of Trust notary group.
While it isn't a substitute for an internal PKI, it did provide a usable
digital signature capability that was recognized by most of the
technical staff on campus.

You will want to get ahead of the curve with a campus encryption
standard for key escrow before suggesting use of certificates for email
encryption rather than signatures - having an employee leave and needing
access to encrypted email can become a real issue if the email is stored
encrypted.

David
------------------------------------------------------------
David Seidl, CISSP
University of Notre Dame, Office of Information Technologies


Ken Layng wrote:
> Many here at Penn State are using the free certs from Thawte. Bear in
> mind the pros and cons of this approach. On the plus side, they're free,
> and an internal PKI is not necessary, and the data is more private.
> However, if certs are ever corrupted or lost, and a backup is not
> available, it means total loss of the encrypted data. Also, many
> institutions prefer to have control over the issuing of these
> certificates.  This affords the ability to store the keys and therefore
> help users recover from the lost key scenario mentioned above. However,
> this presents exposure from the privacy side.  Finally, Thawte uses a
> "Web of Trust". This approach trusts the user community to assert the
> validity of individuals' identities.  Doing so increases the possibility
> that a few rogue notaries could create false identities. An internal PKI
> lets you control the process of assertions.
>
> Ken Layng
> Penn State
>
>
> Gudena, Chandragupta wrote:
> > Email signing and encryption
> >
> > Hi,
> >
> > Is anyone using GnuPG (Gnu Privacy Guard) or PGP for digital signing
> > and email encryption purposes? If not are there any other solutions
> > that are being used? I would like to know your experience/ suggestions .
> >
> > Thanks.
> >
> > Chandragupta
>
> -------------------------
>
> <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math";
> panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri;
> panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal,
> li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt;
> font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link,
> span.MsoHyperlink {mso-style-priority:99; color:blue;
> text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed
> {mso-style-priority:99; color:purple; text-decoration:underline;}
> span.EmailStyle17 {mso-style-type:personal-compose;
> font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault
> {mso-style-type:export-only;} @page Section1 {size:8.5in 11.0in;
> margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} -->
>
> Hi,
>
> Is anyone using GnuPG (Gnu Privacy Guard) or PGP for digital signing and
> email encryption purposes? If not are there any other solutions that are
> being used? I would like to know your experience/ suggestions .
>
> Thanks.
>
> Chandragupta

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature