RE: [exim] Securing Email for the prying eyes of any governm…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jan-Peter Koopmann
Datum:  
To: Exim User's Mailing List
Betreff: RE: [exim] Securing Email for the prying eyes of any government
On Wednesday, January 12, 2005 11:09 PM Greg A. Woods wrote:

>> Correct. So does end-point security in the form of one virus scanner
>> etc. on a users client (especially windows client). All I am saying
>> is: Currently you cannot have both.
>
> Cannot have both of what?


- end-to-end security and virus/spam on intermediary gateways
- very good end-point security and total ease of use for the typical
Windows/Outlook dummy.

> for supposed "signatures" of malware.  It's completely the most
> bass-ackwards way of going about the task there is and it's
> ultimately doomed from the start.     


And of course you have a totally differrent approach that will work in
real life with all companies, does not use signatures, detects 100% of
all viruses while letting pass all wanted attachments... What is the
product called again? Utopia 2005 Second Edition?

> Virus scanners of all types are just "management pacifiers" in the
> end.
> They don't really solve any problems, and they get in the way more
> often than not, and they can waste enormous resources.


When they detect viruses they do solve a problem. I agree to the
resource problem though.

> How far are you willing to go with that kind of approach? Will you
> be willing to reject all PGP and S/MIME encrypted messages too?


Personally: I know my way around good enough to allow PGP and S/MIME in
our company. As for our clients: Their decision to make. If they want
all messages scanned then yes, they are willing to reject all PGP and
S/MIME messages and yes we will assist them in doing so.

> Proper attention to security awareness doesn't have to impede ease of
> use one iota either. Belief that it does it part of the problem.


Well, your clients seem to be the nicest on the planet. Mine sometimes
tick out the moment the background of their desktop changes. I know what
you are saying and generally I agree but still this is a point of
perspective and to me, the perspective of the person paying my invoices
is the one that matters.

>> Sure there is. Depending on your/the customers need. If you trust
>> your internal network/mail server there is no real problem.
>
> Huh? We're talking here about security over public networks, not
> what might happen once the mail has been received (though to some
> extent that's quite important too).


Funny. Usually you do read messages and threads very intensly. How could
you have missed that point? :-) I was stating a while ago, that
using/enforcing transport layer security to increase security over
public networks is one way to go and that therefore might not be the
need for real end-to-end security to achieve the original task in
question. Of course using one standard key is not as secure as using
different keys per person but I already hinted on PGP Universal gateway
etc. It was you who then suggested that real security can only be
achieved by using complete end-to-end security. That contradicts what
you are saying now. My definition of end-to-end is from one MUA to the
other not from one MTA to the other MTA. In case of Exchange the
decryption then must take place on the client side which again makes
virus scanning gateways obsolete.

> Yeah, covert channels, escrow keys, etc. Wonderful stuff.


Indeed.

> Any corporate security officer who even dreams of stopping covert
> channels isn't worth even a penny of what he or she is being paid and
> they'll ultimately do more damage to their company than good.


Your perception. I agree it is nearly impossible if you have capable IT
guys and to stop covert channes in an ISP-like company is close to
impossible. But for many of our clients we are able to get unwanted
communication close to zero. Without damage to the company.

> As for escrow keys, well yes they might work inside the firewall and
> have some value there, but for public key encryption they're the
> antithesis of what we're talking about here.


Ok. Then enlighten me. Scenario:

Company A needs to securely communicate with other companies over public
networks. You are saying only real end-to-end security is up to the
task. They choose to use PGP to secure their e-mail. Of course the
decrypted mails should not be stored anywhere on the server or the
client machine for obvious security reasons. Since ADKs are the
antithesis you do not use them. Now one key accounter was either killed
in an accident or was fired. Therefore he is not capable/willing of
telling anyone his passphrase. The company needs to access his mails
since technically they belong to the company and not to the person. What
next? How - withouth advanced decryption keys - will you achieve this?

> It's those prying eyes
> of many governments who would dearly love to force everyone to use
> encryption with back-door holes for them to peep through.    


If a company sets up advanced decryption keys, how exactly is that a
back-door for the government?

Regards,
JP