NHS email encryption
Ian Mason
ukcrypto at chiark.greenend.org.uk
Sun, 26 Aug 2007 22:16:16 +0100
On 25 Aug 2007, at 14:07, Adrian Midgley wrote:
> Dave Howe wrote:
>> Roland Perry wrote:
>>> In article <46CEE726.5000806@defoam.net>, "Dr Adrian Midgley (In the
>>> office)" <amidgley2@defoam.net> writes
>>>> Any patient identifiable information sent from an ordinary email
>>>> account (eg ekcpct.nhs.uk or gp-g80000.nhs.uk) is not fully
>>>> encrypted and therefore open to interception and would constitute
>>>> sending details outside the EEA.
>>>
>>> Hold on, are they saying that the server that does nhs.uk emails is
>>> located outside the EEA?!?
>>>
>>> mail.nhs.uk is allegedly 212.137.44.179, which is somewhere in
>>> cw.net; Sheffield according to one geolocation tool, Manchester
>>> another, London a third (did anyone say geolocation was an inexact
>>> science?)
>>
>> I *do* know the nhs.net official mailservers have been causing us
>> problems - they assert their willingness/ability to do opportunistic
>> crypto in their EHLO replies, but then drop the connection if you
>> attempt to do a STARTTLS from outside of the nhs.... This is
>> apparently a deliberate security misfeature, no idea how or why they
>> would implement that.
> Is it possible to document that (I mean further than just saying it - I
> believe you of course)?
It appears to accept STARTTLS correctly from my mailserver, viz:
> Aug 26 22:08:12 equinox.ian.co.uk sendmail[24085]: [ID 702911
> mail.info] STARTTLS=client, relay=smtp.nhs.net., version=TLSv1/
> SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168
> Aug 26 22:08:15 equinox.ian.co.uk sendmail[24085]: [ID 801593
> mail.info] l7QL8BF7024081: to=<i-want-this-to-bounce@nhs.net>,
> delay=00:00:04, xdelay=00:00:04, mailer=esmtp, pri=120404,
> relay=smtp.nhs.net. [216.239.198.21], dsn=4.3.0, stat=Deferred: 451
> Requested mail action not taken: mailbox unavailable
My server is not using self-signed certificates but a certificate
signed by my own (self-signed) CA. Perhaps the NHS servers only
exhibit problems with strictly self-signed certificates; which tend
to be the commonest type of certificate on STARTTLS capable SMTP
servers in my experience.
>
> And can I confirm that this would mean that the system being presented
> to doctors and all other NHS workers as providing encrypted ("end to
> end" no less) transmission to collect mail by (webmail and) POP3 and
> IMAP4 over SSL so as to safely carry patient-identifiable information
> between places in the NHS network and places outside it, does not
> provide that encryption when operated as described?
>
> Or is it possible that there is some secret sauce in Microsoft
> Outlook/Express which causes the server to communicate with it as
> securely as any Microsoft application and other standard-compliant
> systems for email to be served a degraded performance? (Why does this
> sound so horribly familiar and plausible?)
>
>
> --
> A
>
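To document what a sendmail log actually shows about a relay, as the STARTTLS=client lines quoted above do, here is an added example (not from the post or the ukcrypto list) that pairs each delivery record with the TLS record of the same sendmail process and classifies the hop: verify=FAIL, as in the quoted log, means the link was encrypted but the relay's certificate was never validated, so it resists passive interception only. Hostnames, PIDs, addresses and queue IDs in the sample are constructed.

```python
import re

# Constructed sample in sendmail's log format, modelled on the lines quoted in
# the post (hostnames, PIDs, addresses and queue IDs are made up). sendmail logs
# each outbound delivery from one process: a STARTTLS=client record if TLS was
# negotiated, then the delivery record carrying the same PID.
SAMPLE_LOG = """\
Aug 26 22:08:12 mx.example.test sendmail[24085]: STARTTLS=client, relay=smtp.nhs.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168
Aug 26 22:08:15 mx.example.test sendmail[24085]: l7QL8BF7024081: to=<user@nhs.net>, delay=00:00:04, mailer=esmtp, relay=smtp.nhs.net. [192.0.2.21], dsn=4.3.0, stat=Deferred: 451 Requested mail action not taken: mailbox unavailable
Aug 26 22:09:01 mx.example.test sendmail[24090]: STARTTLS=client, relay=mail.partner.test., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Aug 26 22:09:02 mx.example.test sendmail[24090]: l7QL91Ab024090: to=<user@partner.test>, delay=00:00:01, mailer=esmtp, relay=mail.partner.test. [192.0.2.30], dsn=2.0.0, stat=Sent
Aug 26 22:09:30 mx.example.test sendmail[24095]: l7QL9UCd024095: to=<user@plain.test>, delay=00:00:01, mailer=esmtp, relay=mail.plain.test. [192.0.2.40], dsn=2.0.0, stat=Sent
"""

# PID plus the rest of the record; the optional "[ID nnn mail.info]" is the
# Solaris syslog tag that appears in the quoted log.
LINE_RE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?:\[ID \d+ \S+\] )?(?P<body>.*)$")

def parse_fields(text):
    """Turn 'k=v, k=v, ...' into a dict; values may themselves contain ':' or '='."""
    out = {}
    for part in text.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip()] = value.strip()
    return out

def assess(tls):
    """What a STARTTLS=client record does and does not guarantee for the hop."""
    if tls is None:
        return "plaintext"       # no TLS: readable by any hop in between
    if tls.get("verify") == "OK":
        return "authenticated"   # encrypted, and the relay's certificate chained to a trusted CA
    return "opportunistic"       # encrypted, but relay unverified: resists passive eavesdropping only

def audit(log_text):
    """Pair each delivery record with the STARTTLS record of the same sendmail process."""
    tls_by_pid, deliveries = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, body = m.group("pid"), m.group("body")
        if body.startswith("STARTTLS=client"):
            tls_by_pid[pid] = parse_fields(body)
        elif ": to=" in body:    # "<queue-id>: to=<...>, ..., stat=..."
            fields = parse_fields(body.split(": ", 1)[1])
            tls = tls_by_pid.pop(pid, None)
            deliveries.append({"to": fields.get("to"), "relay": fields.get("relay"),
                               "stat": fields.get("stat"), "tls": tls, "assessment": assess(tls)})
    return deliveries
```

Running `audit(SAMPLE_LOG)` labels the nhs.net hop "opportunistic" (TLS negotiated, verify=FAIL), the partner hop "authenticated" and the last hop "plaintext"; the same loop can be pointed at a real maillog to answer the "can you document that" question in the thread.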