On 28.05.2020 23:21, Stefan Claas wrote: > > while it is not my business, I do not understand why you have to take > care about the Thunderbird issue, as a users and not the > Aufsichtsbehörde ... If for example you have a job at the > Aufsichtsbehörde then ok, like I said, I would contact gnupg.com and > ask them if GnuPG Desktop (A Windows app) fits for your working > environment and in case not what they would suggest, because the > Aufsichtsbehörde should have IMHO funds to issue a professional > licensed working solution for their employees. > > In case you only have to deal as a gpg4win user with the > Aufsichtsbehörde via email, then I don't understand how would they > detect if you would not comply by using later the new Thunderbird, > without BSI approval.
This is not my field, but I believe that (besides authorities) there are companies or other institutions which *must* use certified encryption solutions. Some ideas: - The OP might be employed at a city administration of a small village where the full set of regulations is relevant, but where there is no money (as in many small villages) to buy support. - The OP might be employed at a company like a hospital, a nuclear plant, a company which develops or sells military goods, a law office, a tax office, a (medical) insurance, a bank, and so on - you get the idea :-) While I actually don't know in detail which sort of company is bound by which regulation, I am sure that there are dozens of company types and hundreds, if not thousands of companies which are legally restricted to use only BSI-certified encryption software, especially companies which handle sensitive personal data or which compromise public safety if they let leak data. Even more, since the arrival of the GPDR, each company -even the smallest one- has to put significant effort into protecting personal data, and has to document in detail their respective policies and methods. When implementing the respective concepts and explaining / documenting why they are safe and how they protect personal data, it is of great help when the BSI has certified as many parts of the software as possible. Furthermore, to me, the OP sounds if he is not only employed at a company as a normal user, but as a part-time admin who has been asked to implement the email infrastructure for his colleagues besides his normal work (because the management as usual does not understand the importance and value of such work and the expertise and time which is needed). Regards, Binarus _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users