secure email solutions

Tim O'Connor tim at roughdraft.org
Mon Apr 28 00:08:04 GMT 2003


Hi, all.  I'm working on a project to see if we can put up some
solution that will allow us to deliver mail securely -- at its
best, encrypted end-to-end so that no plaintext travels across
the Internet; at its most relaxed, encrypted internally so that
a sniffer or a rogue user cannot easily grab sensitive messages.
(Yes, I know that if the rogue user is a person with high privs,
there is not a lot we can do to protect against such a person.
But the goal is to protect as much as can be protected, within
reason and reasonable limits.)

I'm curious to hear of any solutions Unisog subscribers may have
put into place for large-scale secure mail service.

By that I mean solutions that may run the gamut from
public/private key (e.g., classic PGP) to what I see as the
opposite extreme, the repository model (e.g.,
www.authentica.com).

My concerns are ease-of-use, scalability, and the ease of
allowing people outside the enterprise to join in (e.g., a
doctor here needs to consult with a doctor outside, and do so
securely.  How best to include that outside doctor in our
scheme?  Or a person cannot for some reason use a plug-in to
play; how do we allow that person in?)

[I personally have been using PGP for nearly ten years, so I
have to recuse myself as an example of a typical user.]

One ideal solution proposed to me (though I think it an unlikely
one to make happen) is a push-button that says, "Send Secure
Mail" within some GUI.  That's one point of view.

We recognize that no one solution is going to handle everyone,
so if we can hit 80% of the population, that might be a good
start.  Defining the population is also important (some
examples: mailing SSNs, while bad in nearly every way, happens
every day, so that may as well be done securely; sending grades
happens too; on the other hand, person-to-person chatter
probably need not be secured; protected health information, such
as that defined by HIPAA, is very much a target, however, as is
FERPA-protected data; I'm sure you can add your own items to
this very spotty list), and so I would be glad to hear privately
or publicly from anyone who has done this successfully.  I have
a couple of ideas of how to proceed, but would like to hear what
people in this group may think.

For context, I'm working within a large private university
(>50,000 live accounts minimum, possibly another 20,000 more)
and the school is entwined with a handful of hospitals (and
their business partners), as well as medical, dental, nursing,
public-health, psychiatric schools, and plenty of other
HIPAA-sensitive areas.  In general, if you can think of some
constraining U.S. law that might apply, we likely have to live
under it.

If you have information you'd like to share, I'd love to hear
what you did.  Even crash-and-burn failures are of interest to
me.  I'm not ruling out anything at this point.  I'm trying to
learn from any possible angle.

Thanks in advance for any stories you can share.  If you want to
be kept confidential, just say so and I won't cite you as a
source in my internal report.  Also, if this spawns an open
discussion, that would be great too.  I'm trying to learn from
the pioneers with the arrows in their backs 8-) as well as from
those who can declare success stories.

Regards,

--TIM O'CONNOR
