On Sun, 22 Sep 2002 21:31:06 -0400 (EDT) Kurt Lieber <exim@???> wrote:
> Kurt Lieber said:
> After I sent this message, I realized you were talking about digitally
> signing of messages sent by internal people, where I was referring
> primarily to encrypting messages destined to external recipients. I
> agree
> that you absolutely need to have some strong authentication in place if
> you start digitally signing outgoing messages, though I still think this
> can be effectively managed server-side, when combined with the necessary
> precautions like SMTP/TLS.
>
> Anyway, just thought I'd clarify.
fine.
you're still making a lot of assumptions about the security of your servers
and your internal infrastructure. there are numerous avenues of attack on
this design once somone is on the inside.
be very, very careful. it's server season.
richard
--
Richard Welty
rwelty@??? Averill Park Networking
rwelty@??? Unix, Linux, IP Network Engineering, Security
rwelty@??? 518-573-7592
