Re: Encrypted Mail

[salgak () speakeasy net]

> -----Original Message-----
> From: Ronish Mehta [mailto:sf_mail_sbm () yahoo com]
> Sent: Wednesday, July 23, 2003 08:05 AM
> To: security-basics () securityfocus com
> Subject: Encrypted Mail
>
> Hi there,
> I'm looking for a solution to encrypt my mails and to
> ensure that they have not been tampered with.
>
> VeriSign offers such a solution through its Go Secure
> solution
>
> I'm looking for solution that are easy to deploy from
> clients perspective
>
> (a) Anyone already using GOSecure, and any comments
> about it (if this is allowed on the list..)
>
> (b) Any other products that you are using out there
> (commercial or freeware)

For email encryption, there's **ALWAYS** PGP ( http://www.pgp.com ) , and for the open-source adovcate out there, GNU 
Privacy Guard ( http://www.gnupg.org/ ): both work purely at the client end.

> (c) Any security flaws in using solutions for mail
> encyption

As always, insufficient key length, insecure algorithm, or hackable passphrase/password.

> Thanks
>
> P.S. I;m using Exchange server 5.5 currently, will
> migrate to Exchange 2000 soon...

You might want to consider Exchange 2003 instead: it offers encryption at the server level.  I'm not sure if you need 
the Outlook 2003 client to make the encryption seamless or not. . .



---------------------------------------------------------------------------
----------------------------------------------------------------------------