[lug] Getting mail out of the Qwest/MSN mire
David L. Anselmi
anselmi at anselmi.us
Fri Jul 7 22:01:48 MDT 2006
Nate Duehr wrote:
> Every mail server that touches a message should also digitally
> sign/stamp the message.
> All it would take is a large organization (U.S. Government, would be a
> REALLY good one) saying, "We're going to use this Encryption technique,
> and any mail arriving unencrypted... we're throwing away."
Have you ever worked for the federal government? I can see them doing
just this, and just as you have they'd say "encrypt" rather than "sign".
But it isn't just that mail has to be signed, the signatures have to be
verified. And so the mail servers have to be authenticated well. And
then the price of running a mail server goes up. No big deal for Google
but the rest of us will wind up using gmail too. No thanks.
> Companies set up VPN connections for critical business data between one
> another as the "best practices" way of handling day to day business for
> EVERYTHING BUT... E-mail. Business deals big enough to affect thousands
> of people's lives get "inked" via an un-encrypted, un-authenticated
> e-mail every day.
Business doesn't care about security. Some will say that rather they
care about risk management. My guess is they only care about beating
the odds. (That's not really meant to be cynical, beating the odds is
More information about the LUG