NHS email encryption

[Charles Lindsey]

On Sun, 26 Aug 2007 18:08:32 +0100, Brian Morrison <bdm@fenrir.org.uk>  
wrote:

> On Sun, 26 Aug 2007 17:31:31 +0100
> Dave Howe <DaveHowe@gmx.co.uk> wrote:

>>    No, I am saying that the EHLO response indicates that STARTTLS is
>> supported, but if you attempt to then use STARTTLS it doesn't actually
>> respond with the ssl sequence but a "not authorized" message. Our
>> mailserver did not then attempt to send mail unencrypted, but failed
>> back to the queue with an error. The "fix" from our end was to force the
>> mailserver to use HELO instead, which prevents the TLS attempt entirely.
>>
>
> I see, that seems very odd, as surely the security of the mail
> transaction is assured with TLS/SSL even outside the NHS network.
>
> While I can see that there are concerns about securing the mail on say
> a doctor's laptop, it doesn't seem to make sense to differentiate
> between outside and inside their own network unless convinced that the
> mail is only secured when stored and not when in transit. The latter of
> those two can be fixed with TLS/SSL whereas the former may using some
> sort of gpg-alike.
>
Then it seems that doctors can send mails to each other using STARTTLS to  
prevent
'outsiders' from seeing it. But it would not be possible for a patient to  
send
email to his doctor that way

> I can't see what they're trying to achieve by their current stance.

That remark presupposes they know what they are trying to achieve :-) .



-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5