Encrypting e-mail in my definition would be encrypting the contents so only
the recipients will be able to decrypt and read it. The context is
administrators and staff exchanging sensitive information like SSNs to
perform the business of the university like making sure you are paid.
Working with HR and Payroll types, this is a real issue for people doing
their jobs. It will be a major project to get this working so all admin
types are able to use it. It almost has to be seamless and work with all
e-mail clients used on Campus. If not, some folks may need to change e-mail
clients and you know what the word change does to some folks.
Yes, there is the question of forwarding the e-mail and how do you handle the
original message. I would assume encrypt the entire message to include the
original so the new recipient could decrypt and read it.
The other issue is how the e-mail is stored on both servers and local PCs.
It should be stored encrypted and only decrypted when read. That could
eliminate some of the exposure we have of sensitive data on workstations.
Rick
John Valenti writes:
> Rick,
>
> MSU's central email system has used encryption since the re-design of
> a few years ago. POP, IMAP and the web interface all use encrypted
> connections.
>
> The mail isn't encrypted on the mail servers, maybe that is what you are
> asking about? I haven't seen a big need for that, at least in our
> department.
>
> Perhaps this would be a good reason to suggest not forwarding email
> to another system (or to keep all participants within mail.msu.edu).
>
> -John
> LIR
>
I'm not aware of any e-mail systems encrypting locally stored e-mail
messages. I know that Google doesn't from our presentation this week. It's
true that we can transmit data to mail.msu.edu encrypted, and as you pointed
out the weak point is the e-mail to e-mail server connections.
It sounds like someone would like a PKI, public key infrastructure, for
encrypting individual messages. Implementing a PKI for campus would be a
large project to undertake.
-Ed