NHS email encryption

Brian Morrison ukcrypto at chiark.greenend.org.uk
Sat, 25 Aug 2007 18:12:30 +0100


On Sat, 25 Aug 2007 17:43:26 +0100
Dave Howe <DaveHowe@gmx.co.uk> wrote:

> I think it is more that they don't want to do TLS to anyone outside of
> their "trusted domain". My understanding is that TLS works fine for
> "internal" users, but they don't know how to turn off the STARTTLS ad
> for ehlo for external users without also disabling it for internal...

Are you suggesting that they don't then authenticate once the TLS is
initialised? That seems rather bizarre, surely the correct way of doing
this is to authenticate in all cases but refuse to do so from outside
the trusted networks unless TLS or SSL is used to prevent the
visibility of the base64 encoded AUTH strings?

-- 

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
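
Added example, not part of the original message: a small audit of what an SMTP server advertises in its EHLO reply before and after STARTTLS, checked against the policy discussed above (AUTH may be offered in cleartext only to trusted networks). The sample replies, the hostname and the 10.0.0.0/8 trusted range are constructed assumptions.

```python
import ipaddress

# Constructed sample replies (not captured from any real server).
EHLO_PLAINTEXT = (
    "250-mail.example.org\r\n"
    "250-SIZE 20480000\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
EHLO_AFTER_TLS = (
    "250-mail.example.org\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multiline 250 EHLO reply."""
    caps = {}
    lines = reply.splitlines()
    for line in lines[1:]:  # first line carries the server's domain, not a keyword
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not an EHLO 250 reply line: %r" % line)
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit(client_ip, pre_tls_reply, post_tls_reply):
    """List policy findings for what one client sees before and after TLS."""
    pre, post = parse_ehlo(pre_tls_reply), parse_ehlo(post_tls_reply)
    trusted = any(ipaddress.ip_address(client_ip) in n for n in TRUSTED_NETS)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if "AUTH" in pre and not trusted:
        # Base64 AUTH strings would be readable on the wire for this client.
        findings.append("AUTH %s offered in cleartext to untrusted client"
                        % " ".join(pre["AUTH"]))
    if "AUTH" not in post:
        findings.append("AUTH not offered after TLS")
    if "STARTTLS" in post:
        # RFC 3207: STARTTLS must not be advertised once TLS is active.
        findings.append("STARTTLS re-advertised inside TLS")
    return findings
```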
