[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, Nov 08, 2009 at 11:44:38AM +0000, Simon Waters wrote: > > How do they validate this is you, and your key? Seems it depends on the > original email being read by the correct person? So this is marginally > better than sending a plain text email, as at least an attacker would > have to intercept the first email. Although if they have this bit of the > protocol wrong for using encryption.... > The whole process seems to be as follows - Send an email to someone in the FOS - Receive the following response (see below) - Future emails presumably normally cross checked to ensure validity of key etc Subject: Secure message from Financial Ombudsman Service You have received a PGP Universal Secured Message from: *****@financial-ombudsman.org.uk ** Please note that replies to this notification message are not secured. If you wish to respond to the message securely please do so via the web portal. ** To read this message securely, please click this link: https://keys.financial-ombudsman.org.uk/ Why have I received this? This type of message has been sent to you because the sender believes that it contains confidential or sensitive data. The email system has not been able to find a secure method of sending this email and it is therefore stored on a web based email system so that it may be viewed securely using a web browser. What is my passphrase? The first time you access this service you will be prompted to create a passphrase (or password) . Subsequent emails will use the same passphrase that you set initially. Can I reply to this email? You can reply directly to this notification email in the normal manner, however anything contained in the response will not be sent securely. When you have entered the Web Messenger service you can reply to the secure message which will be sent securely. Can I forward a secure message to a colleague internally? No, it is not possible to forward the content of the email. If a colleague needs access to the information contained in the e-mail, contact the sender and ask them to resend it. Can I attach documents? Yes, when replying to the email using the Web Messenger service the option is there to attach documents. Please note that these attachments are also sent securely, therefore you do not need to password protect them. Why can’t I access the site? .... Do I have to use Web Mail? We have the ability to send and receive openPGP and SMIME encrypted emails. When this type of solution is in place the WebMessenger service is not required. If your company has the ability to use openPGP or SMIME there are a number of ways to initiate this type of communication. 1. Upload your PGP key or SMIME certificate; Future confidential emails sent to you will make use of this 2. It is possible for keys and certificates to be found using ‘lookup servers’. The Financial Ombudsman Service lookup server can be found at keys.financial-ombudsman.org.uk. If your company has a dedicated lookup server which is not using the same type of name (keys.%domainname%.com) then please let the sender of this email know and we will add it to our list 3. We can arrange to send all emails to your domain encrypted. This requires a contact from your IT department to be available to discuss the technical requirements. If you would like to discuss email encryption with the Financial Ombudsman Service please email encryption@xxxxxxxxxxxxxxxxxxxxxxxxxx
Attachment:
signature.asc
Description: Digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html