1997-06-09 - Re: Access to Storage and Communication Keys

Header Data

From: tzeruch@ceddec.com
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: f8d8d73a04d9e5bf2b218a1d8224c20b61a9cbdcb0eddd221967df20adbf15bc
Message ID: <97Jun9.171030edt.32257-1@brickwall.ceddec.com>
Reply To: <3.0.1.32.19970609000938.00756910@popd.ix.netcom.com>
UTC Datetime: 1997-06-09 21:24:01 UTC
Raw Date: Tue, 10 Jun 1997 05:24:01 +0800

Raw message

From: tzeruch@ceddec.com
Date: Tue, 10 Jun 1997 05:24:01 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Access to Storage and Communication Keys
In-Reply-To: <3.0.1.32.19970609000938.00756910@popd.ix.netcom.com>
Message-ID: <97Jun9.171030edt.32257-1@brickwall.ceddec.com>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 9 Jun 1997, Bill Stewart wrote:

> Having argued that point vociferously in the past, I'm now going to
> waffle on the issue - while the business need is for access to
> stored data, this may often include stored messages received from
> a communication system in encrypted form.  Either the User Interface
> needs to make it convenient to store the decrypted message,
> or else the user will store the message in encrypted form -
> which means there may be a business need for Proper Authority Access later.

Move all accounts that use corporate secured email to a secure local
server (e.g. per office), and do something like a procmail recipe that
will decrypt automatically and forward the plaintext to the recipient
(archiving as per policy).  If the messages need security, then they don't
leave the secured server and the accounts are such that I can't read other
people's mail directory and others can read mine.  All the keys are
generated and maintained on this server so passwords are controlled by
the administrator.

Or just have them use the encryption within the corporate standard word
processor, and spend the $100 or so for the 5-second cracking program.

You can automate security to prevent users not following procedure
(saving encrypted files).  You can't do much about malice or creativity
(e.g. my PGP on my laptop).
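
The decrypt-on-delivery gateway described in the message above, as an added example that is not part of the original e-mail or thread: a Python delivery filter that a server-side mail rule could pipe each message through. It assumes inline ASCII-armored bodies and a server-held GnuPG key usable non-interactively; the `X-Gateway-Decrypt` header, the function names and the sample message are constructed for illustration.

```python
import re
import subprocess
from email import message_from_string

ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)
FLAG = "X-Gateway-Decrypt"  # hypothetical header name recording the outcome


def gpg_decrypt(armored):
    """Decrypt with the server-held key (assumes gpg is installed and the key
    can be used without a passphrase prompt)."""
    done = subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=armored.encode(), capture_output=True, check=True)
    return done.stdout.decode(errors="replace")


def demo_decrypt(armored):
    """Constructed stand-in so the example runs without gpg or a key."""
    return "constructed plaintext"


def process(raw, archive, decrypt=gpg_decrypt):
    """Return the message to deliver. Messages that arrived encrypted are also
    appended to `archive` (a list standing in for the policy archive)."""
    msg = message_from_string(raw)
    del msg[FLAG]                    # never trust a sender-supplied flag
    body = msg.get_payload()
    if msg.is_multipart():
        status = "unhandled"         # PGP/MIME is not covered by this filter
    elif not ARMOR.search(body):
        status = "none"
    else:
        try:
            body = ARMOR.sub(lambda m: decrypt(m.group(0)), body)
            status = "decrypted"
        except Exception:
            status = "failed"        # keep the ciphertext, flag it for an operator
        msg.set_payload(body)
    msg[FLAG] = status
    out = msg.as_string()
    if status != "none":
        archive.append(out)
    return out


# Constructed sample message; the armored block is a placeholder, not ciphertext.
SAMPLE = ("From: alice@example.com\nTo: bob@example.com\nSubject: report\n\n"
          "-----BEGIN PGP MESSAGE-----\n\nplaceholder\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    print(process(SAMPLE, [], decrypt=demo_decrypt))
```

A message that fails to decrypt is delivered and archived with its ciphertext intact and marked `failed`, so the stored-ciphertext case the thread worries about is visible to the administrator instead of silent.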






