Firewall Wizards mailing list archives
Re: Email encryption and virus scanning
From: Don Kendrick <don () netspys com>
Date: Tue, 21 May 2002 10:42:50 -0400
Sigh.... <On soapbox...and this soap has nothing to do with web services>Too many times I see us security professionals using s/mime or PGP for simple little notes like "Let's meet for lunch." Digitally signed, all wrapped up pretty.
As we all know, security is a spectrum going from no security to complete security however that may be defined for the particular system (we are talking email today but it applies to any system).
Further, usually the more secure something is, the more cumbersome it's use. If we accept this, we all agree that we need to apply security to systems at a level appropriate to the risk.
What I mean by this is that if a system is easiest to use void of security and hardest to use (or unusable) with maximum security, we need to define where the acceptable level of risk (and therefore, security applied) is.
If a system is still easy to use with high levels of security. Then it's a no-brainer. We can get higher security with relatively low costs.
Back to email...Sure, we can do encrypted email and digitally sign it, but as you were alluding to (I think), it's a pain in the ass for the masses. If we want more people to use it, we have to make it easier to use. Until then, we have to look at the sensitivity of what we send and make our own determination of the risk.
</off soapbox>On a personal note, I use smtps and pops or imaps because who want to share their passwords with the world...but the content, not that much there that is private enough to encrypt in 95% of the cases.
Don On Monday, May 20, 2002, at 06:22 PM, Dave Piscitello wrote:
A question, not "the" question. It's subjective... My question was how many on this list of ostensibly security-minded individuals use secure email. Your question is equally valid. With whom do they use it? Anyway, we may be ranging off topic. Anyone who cares to can take this offline. At 05:49 PM 5/20/2002 -0400, you wrote:the question is how many have been asked by clients and customers to use encrypted email. With WHOM do they use it?David M. Piscitello Core Competence, Inc. & The Internet Security Conference 3 Myrtle Bank Lane Hilton Head, SC 29926 dave () corecom com www.corecom.com www.tisc2002.com hhi.corecom.com/~yodave/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Email encryption and virus scanning Dave Piscitello (May 21)
- Re: Email encryption and virus scanning Frederick M Avolio (May 21)
- Re: Email encryption and virus scanning Dave Piscitello (May 21)
- Re: Email encryption and virus scanning Don Kendrick (May 22)
- Re: Email encryption and virus scanning Dave Piscitello (May 21)
- Re: Email encryption and virus scanning Frederick M Avolio (May 22)
- Re: Email encryption and virus scanning Dave Piscitello (May 22)
- Re: Email encryption and virus scanning Frederick M Avolio (May 22)
- Re: Email encryption and virus scanning Frank Knobbe (May 31)
- Re: Email encryption and virus scanning Dave Piscitello (May 22)
- Re: Email encryption and virus scanning Frederick M Avolio (May 21)
- Re: Email encryption and virus scanning Crispin Cowan (May 22)
- <Possible follow-ups>
- Re: Email encryption and virus scanning t (May 21)
- Re: Email encryption and virus scanning Frederick M Avolio (May 21)
- Re: Email encryption and virus scanning Antonomasia (May 21)
- Re: Email encryption and virus scanning Dave Piscitello (May 22)
- RE: Email encryption and virus scanning Gautier . Rich (May 21)