[unisog] secure email solutions

Greg Small gts at uclink.berkeley.edu
Mon Apr 28 18:30:30 GMT 2003


I am the lead of the team that is attempting to promote use of SSL for
email connection.  I consider this the first critical step in giving our
customers secure, verified sender, reliable email.

We have been running stunnel to our UCLink email server for several years,
but have been unable to get any serious deployment interest from our two
main email server groups so our efforts have been a bit short on UNIX
expertise for scaling up.  See

There are two groups on campus that have independently been running SSL
to their email servers (POP3/IMAP/SMTP).  They have a lot more operational

     Engineering and Computer Sciences
     Infrastructure Development and Support Group
     (idsg at EECS.Berkeley.EDU)
     Using Sun iPlanet Messaging Server

     Haas business School
     (Mark Phillips <markp at haas.berkeley.edu>)
     Using UWash IMAP/IPOP3D/SMTP.

If you have any questions, I would be happy to respond further.

Greg Small                                     gts at uclink.Berkeley.EDU
Security Infrastructure Project                On a network, paranoia is
WSS Security Officer                           just good thinking!
Workstation Software Support WSS/IST           Systems Programmer for 35
University of California at Berkeley           years and it's still fun!

At 08:08 PM 4/27/2003 -0400, Tim O'Connor wrote:

>Hi, all.  I'm working on a project to see if we can put up some
>solution that will allow us to deliver mail securely -- at its
>best, encrypted end-to-end so that no plaintext travels across
>the Internet; at its most relaxed, encrypted internally so that
>a sniffer or a rogue user cannot easily grab sensitive messages.
>(Yes, I know that if the rogue user is a person with high privs,
>there is not a lot we can do to protect against such a person.
>But the goal is to protect as much as can be protected, within
>reason and reasonable limits.)
>I'm curious to hear of any solutions Unisog subscribers may have
>put into place for large-scale secure mail service.
>By that I mean solutions that may run the gamut from
>public/private key (e.g., classic PGP) to what I see as the
>opposite extreme, the repository model (e.g.,
>My concerns are ease-of-use, scalability, and the ease of
>allowing people outside the enterprise to join in (e.g., a
>doctor here needs to consult with a doctor outside, and do so
>securely.  How best to include that outside doctor in our
>scheme?  Or a person cannot for some reason use a plug-in to
>play; how do we allow that person in?)
>[I personally have been using PGP for nearly ten years, so I
>have to recuse myself as an example of a typical user.]
>One ideal solution proposed to me (though I think it an unlikely
>one to make happen) is a push-button that says, "Send Secure
>Mail" within some GUI.  That's one point of view.
>We recognize that no one solution is going to handle everyone,
>so if we can hit 80% of the population, that might be a good
>start.  Defining the population is also important (some
>examples: mailing SSNs, while bad in nearly every way, happens
>every day, so that may as well be done securely; sending grades
>happens too; on the other hand, person-to-person chatter
>probably need not be secured; protected health information, such
>as that defined by HIPAA, is very much a target, however, as is
>FERPA-protected data; I'm sure you can add your own items to
>this very spotty list), and so I would be glad to hear privately
>or publicly from anyone who has done this successfully.  I have
>a couple of ideas of how to proceed, but would like to hear what
>people in this group may think.
>For context, I'm working within a large private university
>(>50,000 live accounts minimum, possibly another 20,000 more)
>and the school is entwined with a handful of hospitals (and
>their business partners), as well as medical, dental, nursing,
>public-health, psychiatric schools, and plenty of other
>HIPAA-sensitive areas.  In general, if you can think of some
>constraining U.S. law that might apply, we likely have to live
>under it.
>If you have information you'd like to share, I'd love to hear
>what you did.  Even crash-and-burn failures are of interest to
>me.  I'm not ruling out anything at this point.  I'm trying to
>learn from any possible angle.
>Thanks in advance for any stories you can share.  If you want to
>be kept confidential, just say so and I won't cite you as a
>source in my internal report.  Also, if this spawns an open
>discussion, that would be great too.  I'm trying to learn from
>the pioneers with the arrows in their backs 8-) as well as from
>those who can declare success stories.

More information about the unisog mailing list