Educause Security Discussion mailing list archives
Re: Encrypted email
From: Mike Wiseman <mike.wiseman () UTORONTO CA>
Date: Wed, 19 Mar 2008 12:45:24 -0400
Perhaps a better place to start would be to define what the goals are. Clientless encryption is impossible if the goal is end-user to end-user encryption. Even Hushmail fell into this trap when they offered a clientless way for users to access their mail. They didn't make it clear to users that any time the server is involved with the decryption process, it means that your mail can be decrypted if there is a subpoena or a server is compromised.
These issues apply to *any* enterprise encryption technology since keys would need to be backed up or escrowed.
However, I wouldn't necessarily call it encryption.
Not sure what you're referring to - the Voltage product is based on identity-based encryption which is based on elliptic curve cryptography. No technology concerns there. Password strength is a concern but this can be dealt with via policy or the use of multi-factor authentication. Mike Mike Wiseman Computing and Networking Services University of Toronto
Current thread:
- Encrypted email Heather Flanagan (Mar 18)
- <Possible follow-ups>
- Re: Encrypted email Mike Wiseman (Mar 18)
- Re: Encrypted email Jesse Thompson (Mar 19)
- Re: Encrypted email Jesse Thompson (Mar 19)
- Re: Encrypted email Mike Wiseman (Mar 19)
- Re: Encrypted email Heather Flanagan (Mar 19)
- Re: Encrypted email Matthew Gracie (Mar 20)
- Re: Encrypted email Jesse Thompson (Mar 21)
- Re: Encrypted email Jesse Thompson (Mar 21)