CipherTrust Iron Mail Appliance is an Email Proxy server that runs its
own tweaked OPENBSD kernel. It has the email encryption you need plus a
whole lot more!!!
Check it out.........
Jason Albuquerque
GIS Manager
Department of Information Systems
80 Boston Neck Road
Town of North Kingstown, RI 02852
Tel. (401) 268-1516
Fax (401) 295-2594
www.northkingstown.org
"There are 10 kinds of people in this world. The ones who understand
binary and the ones who don't."
-----Original Message-----
From: Harrison Holland [mailto:harrisonholland@gmail.com]
Sent: Thursday, September 22, 2005 6:36 PM
To: AragonX
Cc: security-basics@securityfocus.com
Subject: Re: PGP email encryption
Have you guys looked at ciphiremail. That's a program that may help.
On 9/21/05, AragonX <aragonx@dcsnow.com> wrote:
<quote who="Meni Milstein">
Thank you for your detailed answer!
The reason I asked this question in the first place was because the
answers
I got (and keep getting) from the technical team and sales team at
PGP
were
inconclusive, and certainly WAY off what you are saying.
There IS a web client to PGP, and one way to use "email encryption"
in PGP
(according to the tech team at PGP) is to have the PGP server catch
the
message after it passed through, say, my exchange server, and
instead of
sending that message, send another message (notification message) to
the
receiving end - with a link. The link will lead the user to read the
message
off the "web messenger" on the PGP server through HTTPS. The access
is
done
using a user entered pass phrase (which according to what you said -
is
very
bad.)
I think the problem is PGP has been turned into more than it once was.
It
once was a simple public/private key encryption program. Now it's a
company with a wide range of products.
Personally, I would avoid PGP as a whole. The US government has been
pressing hard to get a back door into their keys. I'm not sure if
they
have one yet or not. I'm not sure we would know if they did.
Personally, I would suggest a solution based on gpg instead.
http://www.gnupg.org/
The way I see it, there is an easy way, and a hard way.
1) Easy way - setup a web mail server using gpg encrypted messages.
Disadvantages
1 - You are relying on ssl encryption to protect the data once the
client
logs on. You could setup a secure VPN to mitigate this threat.
2 - The security of your server is greatly diminished by allowing
these
external users access.
Advantages
1 - Easy to setup.
2 - Emails remain local and completely under your control.
3 - Depending on the countries you do business with, they may not be
allowed to use gpg.
2) Hard way - Send messages to your clients using gpg.
Disadvantages
1 - You must work with your client's IT staff to get this setup
correctly.
2 - Messages are out of your control once they leave your server.
Advantages
1 - You don't have to maintain the users on your server.
2 - Overall security of this setup is better.
This is just the way I see it. I could be way off base on some things
but
I do feel you should avoid pgp and use gpg instead.
--
Harrison Holland
