NHS email encryption
Brian Morrison
ukcrypto at chiark.greenend.org.uk
Tue, 28 Aug 2007 21:31:33 +0100
--Sig_WacKG6QhPgszeS.pYM+xa42
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On Tue, 28 Aug 2007 09:30:55 +0100
Ian G Batten <ian.batten@uk.fujitsu.com> wrote:
> I don't think it's totally unreasonable to =20
> refuse opportunistic encryption from people using self-signed =20
> certificates: to the eyes of the uninitiated SSL in that situation =20
> appears to offer authentication when in fact it only offers some =20
> measure of confidentiality.
Such a decision depends on why you are using TLS on your mailserver. If
it is to ensure authenticity then fair enough, if it's to ensure
eavesdropping is much more difficult then it's a legitimate exercise
even if authentication is not achieved by that method.
--=20
Brian Morrison
bdm at fenrir dot org dot uk
"Arguing with an engineer is like wrestling with a pig in the mud;
after a while you realize you are muddy and the pig is enjoying it."
=20
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
--Sig_WacKG6QhPgszeS.pYM+xa42
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG1IYl9BNjUd4y5cURAmCDAKDcBk+hPqMXoUULagOdMNvyvda/YgCg9of8
F4AlpqwOnT8ORhFd9XtJXbE=
=wYAM
-----END PGP SIGNATURE-----
--Sig_WacKG6QhPgszeS.pYM+xa42--