Date: Thu, 31 Jul 2008 14:50:33 -0600 From: Chad Perrin <perrin@apotheon.com> To: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: OT: encrypted email using web based application Message-ID: <20080731205033.GA6805@kokopelli.hydra> In-Reply-To: <4890694A.9030607@lvor.halvorsen.cc> References: <d356c5630807300514pa9d94adl1e257d51ce8c1650@mail.gmail.com> <4890694A.9030607@lvor.halvorsen.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
--TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 30, 2008 at 03:14:50PM +0200, Svein Halvor Halvorsen wrote: > Andrew Gould wrote: > > If I start with Subject line with the word "secure" using my work's ema= il > > system, the email is sent to a secure, web based application where the > > recipients can view the message securely. The recipients receive a mes= sage > > that a secure email message is waiting for them there. They have to cr= eate > > an account based upon their email address to view the message. They do= not > > have to recreate the accounts for future messages. > >=20 > > This system is easy to use; and we don't have to worry about whether the > > recipients have PGP or GPG. Is there an open source application that d= oes > > this? >=20 > How is this secure? Ok, I can see that if the message is served over > https, then the network packages themselves cannot be sniffed > easily. But as long as the recipient did not give you the key to > use, then this is not secure. Why should the recipient trust the server? >=20 > Whether there is an open source solution, I don't know however. It depends on your definition of "secure" -- which can vary from one circumstance to another. If the emails in question are "company property", there's no reason to consider access to the emails by company officials a breach of security. On the other hand, if sensitive company information is sniffed in plain text on the network, that could be disastrous. =46rom the sound of it, the circumstances the OP described refer to such a situation -- one where strict person-to-person privacy isn't a necessary goal of relevant security concerns. --=20 Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] Scott McNealy: "Microsoft is now talking about the digital nervous system. I guess I would be nervous if my system was built on their technology too." --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkiSJZkACgkQ9mn/Pj01uKWu+wCgjnRTlQQ/ZJ6xQ+dDixGzzaHM 6Q0An3ohI17xPtj91WdH2e05v0GbIF6v =tc2A -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080731205033.GA6805>