
Re: Access to Storage and Communication Keys




On Mon, 9 Jun 1997, Bill Stewart wrote:

> Having argued that point vociferously in the past, I'm now going to
> waffle on the issue - while the business need is for access to
> stored data, this may often include stored messages received from
> a communication system in encrypted form.  Either the User Interface
> needs to make it convenient to store the decrypted message,
> or else the user will store the message in encrypted form -
> which means there may be a business need for Proper Authority Access later.

Move all accounts that use corporate secured email to a secure local
server (e.g. per office), and do something like a procmail recipe that
will decrypt automatically and forward the plaintext to the recipient
(archiving as per policy).  If the messages need security, then they don't
leave the secured server and the accounts are such that I can't read other
people's mail directory and others can read mine.  All the keys are
generated and maintained on this server so passwords are controlled by
the administrator.

Or just have them use the encryption within the corporate standard word
processor, and spend the $100 or so for the 5-second cracking program.

You can automate security to prevent users not following procedure
(saving encrypted files).  You can't do much about malice or creativity
(e.g. my PGP on my laptop).