Draft IP-Bill enters wrap-up phase

Adrian Midgley amidgley at gmail.com
Tue Jan 26 14:26:36 GMT 2016


> By default private internets are no more secure than the public one.

An inconvenient truth within the NHS.

On Tue, 26 Jan 2016, 12:24 Dave Howe <davehowe.pentesting at gmail.com> wrote:

> On 24/01/2016 17:56, Roger Hayter wrote:
>
> > I was never important enough to be advised to do such a thing. It
> > does seem remarkably simple, but raises more questions.  Does it use
> > the same SSL libraries as used for encrypted web sites?
>
>   Yes, mostly. Generation will use the SSL library of your web browser,
> usage the SSL library of your email client. Underlying protocol is the
> same.
>
> > If Thawte issue a certificate which you then use, does this
> > potentially give them a way into your encrypted information or not?
>
>   Not - just as Thawte issuing a cert for your webserver doesn't give
> them a way to reach that traffic. The private key is generated locally
> by your web browser and never leaves your machine.
>
>
> > And is this the same system the English NHS use for end-to-end
> > encryption?
>
>   Yes
>
> > It would seem to render NHSnet irrelevant, unless its sole role is
> > to prevent you sending encrypted email or secret documents outside
> > NHSnet.
>
>   No. NHSnet/CfH/whatevertheyarecallingitthisweek isn't actually
> encrypted - it's a private internet, with access controls, but any
> security has to be layered onto that or traffic will be available to the
> BT engineers who maintain and support it. As always, HTTPS & SMTPS can
> protect point-to-point links, but S/MIME is recommended to protect data
> end-to-end. By default private internets are no more secure than the
> public one.
>
>
>
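
Added illustration, not part of the original messages: a sketch of what a CA receives when it is asked to issue a certificate, showing that the request carries only the public key. It uses the `openssl` command line as a stand-in for the browser's key generation; the subject, e-mail address and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: what leaves your machine when you request an S/MIME certificate.
# Assumption: the openssl CLI stands in for the browser's local key generation.
# The subject, address and file names below are constructed placeholders.

make_request() {
    # $1 = working directory. The key pair is generated locally:
    # key.pem stays on this machine, request.csr is what goes to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/request.csr" \
        -subj "/CN=Example User/emailAddress=user@example.org" 2>/dev/null
}

csr_has_private_key() {
    # Exit 0 only if the file sent to the CA contains private key material.
    grep -q "PRIVATE KEY" "$1/request.csr"
}

csr_matches_local_key() {
    # The CSR embeds the public half only. Extract it and compare it with
    # the public key derived from the private key that never left the disk.
    from_csr=$(openssl req -in "$1/request.csr" -noout -pubkey)
    from_key=$(openssl pkey -in "$1/key.pem" -pubout)
    [ "$from_csr" = "$from_key" ]
}

dir=$(mktemp -d)
make_request "$dir"
if csr_has_private_key "$dir"; then
    echo "private key present in CSR"
else
    echo "CSR holds no private key"
fi
csr_matches_local_key "$dir" && echo "CSR public key matches the local key pair"
rm -rf "$dir"
```

The certificate the CA returns binds that public key to an identity; decrypting mail still requires `key.pem`, which the CA never saw.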