Re: PGP encyption of outging email
Paul Murphy <pjm <at> ousekjarr.org>
2009-05-07 08:17:04 GMT
> I wonder why you don't want to encrypt/sign in the MUA. It is more
> flexible and, well, works most of the time.
Because users are incapable of getting it right, and the time they forget to
encrypt the message may also be the time they send company B's confidential
data to company A. At one point I was seeing ~10 messages per week which the
users had forgotten to encrypt, and I saw 2 in 6 months go to the wrong
company without encryption.
I looked at this a long time ago, and got a system working which verified
that messages to and from designated domains were encrypted. It was a bit
messy, but it worked. It also ensured that the corporate key had been
included in the encryption targets, so we could enforce use of this key for
message recovery purposes. It did this by trying to decrypt any encrypted
parts using the corporate key. Coincidentally, this also stopped employees
using encryption to any domain except those we expressly permitted it to -
otherwise our confidential data could walk out of the door, and we'd be none
The issue, as Steffan has already pointed out, is that you have to trust your
mail server with the passphrase to your private key, or in our case, to the
company's private key. In our circumstances, this was more acceptable than
the breaches of security caused by incapable users, but you may not be able
to make that argument.