My take on this is that it sounds like the minimum requirement is end to end secure connection over the Internet (as Andrey pointed out)...which does sound like a TLS candidate. The problem with using PGP or the like is that you then rely on the customer (client) to encrypt the email. If the requirement is that all transactions are encrypted then at least TLS enforces a secure transmission between two gateways. But I would also implement actual message encryption as well (again..PGP or the like). So in the best case, you have an encrypted message traveling over a secure channel (public channel that is...this doesn't address what happens to the message while it is on its way to gatewayA and what happens to the message once it leaves gatewayB). The worst case is that a client forgets to encrypt the email, but it is still transmitted over a secure channel (thus still meeting the requirement to transmit it securely over the Internet).
Best regards, Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Thursday, July 17, 2003 1:59 PM To: Exchange Discussions Subject: RE: Sending Secure Mail over the Internet Ok I suggested it. Because from what I read, they want to always send mail to the same destination in a secure way ("We want to send reports to the State that contain information about our students") In order to use PKI encryption, they would have to ask the recipient to obtain a certificate first, then get the recipient's public key from a digitally signed message, then always remember to encrypt individual messages. With TLS, you set it up once and then start sending e-mail - the server does the job of encrypting the transmission every time. If I had to send encrypted mail to many different destinations, I would sure go with PKI or maybe PGP. But when you are targeting the same place all the time, why not TLS? -----Original Message----- From: Johansson Patrick [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 3:20 PM To: Exchange Discussions Subject: RE: Sending Secure Mail over the Internet Ok, maybe I've had a few too many beers but why in the world is everybody suggesting TLS. It's a bother to set up and you have to do it with every mail server you want to have secure communications with. Great, the communications are secure but how about the actual e-mail? Correct me if I'm wrong but the easiest way in this instance would be to just encrypt the e-mail. Windows does provide CA and you can always get another certificate from a known source. Another way to go is to use pgp or some offshoot of that. I don't know but sometimes we (designers/administrators) get a little over excited using technology we don't really have to use. Well, just my 5 cents. -Patrick -----Original Message----- From: Dickenson, Steven [mailto:[EMAIL PROTECTED] Sent: 17. heinäkuuta 2003 19:04 To: Exchange Discussions Subject: RE: Sending Secure Mail over the Internet If the sending and receiving mail servers, as well as any in-between support it, TLS is an option. Personally, I'd encrypt the e-mails using GnuPG. www.gnupg.org Steven --- Steven Dickenson <[EMAIL PROTECTED]> Network Administrator The Key School, Annapolis Maryland -----Original Message----- From: Bridges, Samantha [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 9:12 AM To: Exchange Discussions Subject: Sending Secure Mail over the Internet Exchange 5.5 sp4 Windows 2000 Advanced Server Outlook 2000 and XP clients Hello All. I work for a school district in Michigan. We want to send reports to the State that contain information about our students. The information contained in the email attachments must remain confidential and private. Therefore, I need to provide a secure way of sending reports/attachments via email over the Internet. Any ideas or comments would be greatly appreciated. SSL only provides secure logons????....right??? Thanks for any help. Samantha _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
