More CDs lost in the post
Peter Tomlinson
ukcrypto at chiark.greenend.org.uk
Wed, 23 Jan 2008 17:24:30 +0000
Ian Batten wrote:
> On 23 Jan 08, at 1619, Peter Tomlinson wrote:
>> That reminded me about Government Connect, a programme to provide
>> secure email for all public sector organisations and also their
>> 'clients' (all organisations with which they exchange data that needs
>> to be kept secure within DPA definitions - e.g. nursing homes). Once
>> this is deployed, the moving of data on CDs should stop.
> Within a closed user group, why wouldn't squirrelmail with https:
> access and SMTP servers which only accept connections which can supply
> a certificate signed with the appropriate key(s) be sufficient? Yes,
> I realise it would only be as strong as the weakest link (i.e. if you
> can forge mail into one node, it will be passed as valid to another),
> but incorporating an X.509 infrastructure would massively increase the
> complexity.
>
> Indeed, if you want secure mail for a community, what's wrong with
> squirrelmail over https on a system that has no means to exchange mail
> elsewhere?
>
> ian

It was being said (a year or more ago) that the problem with LAs is that
they will each make their own decisions on where they get their
certificates. Thus, without a central PKI, when someone in an LA
receives an email from another LA, the recipient may be unable to verify
the signature. It would be a case of looking at it and maybe phoning the
sender to ask if he/she had really sent it...

Mind you, even David Birch of Consult Hyperion told us that he could not
work out how to get Govt Gateway to accept a certificate that he had
purchased from an approved CSP.

Answers to these conundrums will I'm sure get put in the round filing
cabinet...

Peter
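
The trust-anchor problem described in the message above, as an added example that is not part of the original post: two authorities each run their own CA, and an S/MIME message signed under one verifies only for a recipient whose trust store contains that CA. The names `la-a`, `la-b` and `clerk-b`, the message text and the use of the `openssl` command line are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demo: two local authorities, each with its own private CA.
# All names are made up for illustration; none come from the thread.
WORK=$(mktemp -d)

# make_ca NAME: self-signed CA certificate and key for authority NAME
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $1 CA" \
        -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_user CA USER: key and certificate for USER, signed by CA
issue_user() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# sign_mail USER: S/MIME-sign a short constructed message as USER
sign_mail() {
    printf 'Case file attached.\n' > "$WORK/msg.txt"
    openssl smime -sign -in "$WORK/msg.txt" \
        -signer "$WORK/$1.pem" -inkey "$WORK/$1.key" \
        -out "$WORK/signed.eml" 2>/dev/null
}

# verify_mail TRUSTFILE: status 0 only if the signer chains to a CA in TRUSTFILE
verify_mail() {
    openssl smime -verify -in "$WORK/signed.eml" \
        -CAfile "$1" -out /dev/null >/dev/null 2>&1
}

# LA-B's clerk signs a message; shared.pem stands in for a common trust list
setup_demo() {
    make_ca la-a && make_ca la-b &&
    issue_user la-b clerk-b && sign_mail clerk-b &&
    cat "$WORK/la-a-ca.pem" "$WORK/la-b-ca.pem" > "$WORK/shared.pem"
}

setup_demo
verify_mail "$WORK/la-a-ca.pem" && echo "LA-A store: verified" || echo "LA-A store: cannot verify"
verify_mail "$WORK/shared.pem" && echo "shared store: verified" || echo "shared store: cannot verify"
```

The same check decides Ian's SMTP proposal: a server that requires client certificates accepts only peers whose certificate chains to a CA in its own trust file.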