On Tue, 2003-04-01 at 11:27, Robinson, Sonja wrote: > We evaluated three enterprise solutions and bid them out. I believe that > once e-mail leaves your network using exchange it is automatically sent > clear text, hence the need for encryption. I am not an exchange > administrator so... And if you are sending PHI or GLBA I would send in no > less then 128-bit anyway. > > There are a number of issues you need to think of when evaluating encryption > including, logging/reporting, forensics & investigations, ease of use for > users, ease of administration, key exchanges, can I force my business > partners to buy the same product/hardware/service, send to anyone > capability, what constitutes due diligence, cost, etc. > > I am not endorsing any one vendor and these are not necessarily the opinions > of my employer and should not be construed as such.
I'm pretty sure that Exchange (I know Sendmail/Postfix/Qmail/Exim do) support StartTLS? The benefit of StartTLS is that it is free (other than the cert), open standards, and will automatically encrypt communications between any other mail sever running StartTLS (not just your partners). --------------------------- Michael Osten http://lists.netsys.com/pipermail/full-disclosure/2003-February/008369.html When caught, McWilliams was seen at his computer finishing a non fictional piece titled "Art of Deception to the 100th Power. Pi don't equal Pie Bitch." ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
