Educause Security Discussion mailing list archives
Re: Email signing and encryption
From: David Seidl <dseidl () ND EDU>
Date: Thu, 23 Aug 2007 11:25:43 -0400
I'll note that a number of us on the list are Thawte notaries, and if you're ever in our neck of the woods, we'd be glad to notarize you. When I was working for Purdue we had a few public notarization parties, resulting in a reasonable rate of adoption of digital signatures on campus. We also were able to bootstrap a number of notaries, which basically created a self sustaining Thawte Web of Trust notary group. While it isn't a substitute for an internal PKI, it did provide a usable digital signature capability that was recognized by most of the technical staff on campus. You will want to get ahead of the curve with a campus encryption standard for key escrow before suggesting use of certificates for email encryption rather than signatures - having an employee leave and needing access to encrypted email can become a real issue if the email is stored encrypted. David ------------------------------------------------------------ David Seidl, CISSP University of Notre Dame, Office of Information Technologies Ken Layng wrote:
Many here at Penn State are using the free certs from Thawte. Bear in mind the pros and cons of this approach. On the plus side, they're free, and an internal PKI is not necessary, and the data is more private. However, if certs are ever corrupted or lost, and a backup is not available, it means total loss of the encrypted data. Also, many institutions prefer to have control over the issuing of these certificates. This affords the ability to store the keys and therefore help users recover from the lost key scenario mentioned above. However, this presents exposure from the privacy side. Finally, Thawte uses a "Web of Trust". This approach trusts the user community to assert the validity of individuals' identities. Doing so increases the possibility that a few rogue notaries could create false identities. An internal PKI lets you control the process of assertions. Ken Layng Penn State Gudena, Chandragupta wrote:Email signing and encryption Hi, Is anyone using GnuPG (Gnu Privacy Guard) or PGP for digital signing and email encryption purposes? If not are there any other solutions that are being used? I would like to know your experience/ suggestions . Thanks. Chandragupta------------------------- <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri","sans-serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.Section1 {page:Section1;} --> Hi, Is anyone using GnuPG (Gnu Privacy Guard) or PGP for digital signing and email encryption purposes? If not are there any other solutions that are being used? I would like to know your experience/ suggestions . Thanks. Chandragupta
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Email signing and encryption Gudena, Chandragupta (Aug 23)
- <Possible follow-ups>
- Re: Email signing and encryption Ken Layng (Aug 23)
- Re: Email signing and encryption Georgia Killcrece (Aug 23)
- Re: Email signing and encryption Georgia Killcrece (Aug 23)
- Re: Email signing and encryption Jeff Giacobbe (Aug 23)
- Re: Email signing and encryption David Seidl (Aug 23)