[lug] Getting mail out of the Qwest/MSN mire

David L. Anselmi anselmi at anselmi.us
Fri Jul 7 22:01:48 MDT 2006


Nate Duehr wrote:
[...]
> Every mail server that touches a message should also digitally 
> sign/stamp the message.
> 
> All it would take is a large organization (U.S. Government, would be a 
> REALLY good one) saying, "We're going to use this Encryption technique, 
> and any mail arriving unencrypted... we're throwing away."

Have you ever worked for the federal government?  I can see them doing 
just this, and just as you have they'd say "encrypt" rather than "sign".

But it isn't just that mail has to be signed, the signatures have to be 
verified.  And so the mail servers have to be authenticated well.  And 
then the price of running a mail server goes up.  No big deal for Google 
but the rest of us will wind up using gmail too.  No thanks.

> Companies set up VPN connections for critical business data between one 
> another as the "best practices" way of handling day to day business for 
> EVERYTHING BUT... E-mail.  Business deals big enough to affect thousands 
> of people's lives get "inked" via an un-encrypted, un-authenticated 
> e-mail every day.
> 
> Ridiculous.

Business doesn't care about security.  Some will say that rather they 
care about risk management.  My guess is they only care about beating 
the odds.  (That's not really meant to be cynical, beating the odds is 
good enough.)

Dave



More information about the LUG mailing list