Draft IP-Bill enters wrap-up phase

Mark Lomas ukcrypto at absent-minded.com
Sat Jan 23 14:25:52 GMT 2016

NHS Net mail has two different encryption mechanisms, one of which is

If the users take no special measures then NHS Net mail encrypts between
client and server, but messages are stored in clear on the server. That is
not end-to-end.

NHS Net mail also provides a PKI to support S/MIME, allowing end-to-end
encryption. NHS policy is that any message containing two or more patient
records must use this. They felt unable to mandate this for individual
records because many NHS staff are incapable of using S/MIME. So, for
example, hospital admissions should support S/MIME but an individual
healthcare worker isn't required to.

To complicate matters there is an authorisation list for S/MIME that needs
to traverse the network boundary. That is to stop staff smuggling out
sensitive data having first encrypted it. Staff who need to exchange
encrypted messages with external parties have first to be added to the
authorisation list.


p.s. I realise that not all NHS bodies follow the policy, but the mechanism
is available to support end-to-end encryption.

On 22 January 2016 at 00:38, Adrian Midgley <amidgley at gmail.com> wrote:

> > thinking based on a mistaken impression that an iMessage has four ends:
> sender/Apple/Apple/recipient,
> The NHS Net mail is persistently described as "end to end encrypted" when
> it quite clearly is decrypted to store (perhaps being re-encrypted against
> a key held for that server) on the central server, and then re-encrypted to
> go to the recipient's compute.
> So the idea that there could be a persistent mistake about how many ends
> there are in a a line isn't quite as daft as it might be.
> But no, I think it is simply saying whatever seems convenient, alas.
> On Thu, 14 Jan 2016 at 11:52 Roland Perry <lists at internetpolicyagency.com>
> wrote:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20160123/b0997bb0/attachment.html>

More information about the ukcrypto mailing list