NHS email encryption

Brian Morrison ukcrypto at chiark.greenend.org.uk
Sun, 26 Aug 2007 18:08:32 +0100 

--Sig_yf_rHv0ox.PW8ktPHoUbE+m
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Sun, 26 Aug 2007 17:31:31 +0100
Dave Howe <DaveHowe@gmx.co.uk> wrote:

> Brian Morrison wrote:
> > Are you suggesting that they don't then authenticate once the TLS is=20
> > initialised? That seems rather bizarre, surely the correct way of
> > doing this is to authenticate in all cases but refuse to do so from
> > outside the trusted networks unless TLS or SSL is used to prevent the
> >  visibility of the base64 encoded AUTH strings?
>=20
>    No, I am saying that the EHLO response indicates that STARTTLS is
> supported, but if you attempt to then use STARTTLS it doesn't actually
> respond with the ssl sequence but a "not authorized" message. Our=20
> mailserver did not then attempt to send mail unencrypted, but failed=20
> back to the queue with an error. The "fix" from our end was to force the=
=20
> mailserver to use HELO instead, which prevents the TLS attempt entirely.
>=20

I see, that seems very odd, as surely the security of the mail
transaction is assured with TLS/SSL even outside the NHS network.

While I can see that there are concerns about securing the mail on say
a doctor's laptop, it doesn't seem to make sense to differentiate
between outside and inside their own network unless convinced that the
mail is only secured when stored and not when in transit. The latter of
those two can be fixed with TLS/SSL whereas the former may using some
sort of gpg-alike.

I can't see what they're trying to achieve by their current stance.

--=20

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
    after a while you realize you are muddy and the pig is enjoying it."
   =20
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

--Sig_yf_rHv0ox.PW8ktPHoUbE+m
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG0bOQ9BNjUd4y5cURAn6BAKC5OqwpAA99bwGngGQtrZrCHMBX0gCfYGx6
5WYUy1DRl6HTBR/pwYLKyvg=
=vkBf
-----END PGP SIGNATURE-----

--Sig_yf_rHv0ox.PW8ktPHoUbE+m--