[unisog] Gmail for the University

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Tue Feb 28 06:42:54 GMT 2006


On Mon, 27 Feb 2006 11:58:07 EST, Eric Hoelzle said:

> I consider (expect) email to be private (secure) once it hits a
> message store.  I also expect whomever runs that message store to
> prevent unauthorized access to my data...this may or may not require
> encryption.

Now for the $64 question - do you insist on it being *private*, or does it
suffice that it is *confidential*?  The biggest  effective difference between
them arises if a member of the systems staff has to start digging through the
e-mail to find and fix a problem. It sometimes requires looking at message
headers and sometimes even bodies - I don't know of any message store that
guarantees *privacu* at that point (we had one melt-down caused by deeply
nested MIME bodyparts (like 100+ levels deep, gaak) choking up our A/V scanners
- no *way* you'll debug that without looking at a few message headers and
bodies - if the message store was encrypted, we'd have been stuck).  On the
other hand, *confidentiality* only requires that the 4 or 5 people that have
the access to the store know the rules about disclosure and can be trusted to
follow them....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20060228/8d924e4c/attachment-0001.bin


More information about the unisog mailing list