Adrian Midgley wrote:
I don't entirely like that. There is a lot of scope for a building to building or department to department (or Practice to Hospital/Consultant's office) automatic encryption and signing thing built into the MTA, but for individual users, there should really be an _action_ of signing. But the underlying idea is great.
Wrong level - wire encryption à la IPSec achieves the same effect as MTA encryption but without leaking the metadata to eavesdroppers. It also encrypts the other traffic as well.

Problem is the key management issues, the only promising scheme I've seen so far is FreeSWAN opportunistic encryption (DNS security remain), although I plead ignorance of IPv6 intended schemes for key management.

Other wire level encryption can be done with free cipher schemes, and a little fiddling, in the style of PGP VPN but I haven't had the need. I guess OpenSSL could also provide an easy encryption scheme for email, although I'm not clear how suitable it is encryption-wise, and I prefer the lower level stuff, less scope for confusion.

Once you agree on how to trust other people the rest is easy :)

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.