From owner-freebsd-questions@FreeBSD.ORG Thu Jul 31 20:56:40 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8381A1065670 for ; Thu, 31 Jul 2008 20:56:40 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from outbound-mail-103.bluehost.com (outbound-mail-103.bluehost.com [69.89.22.13]) by mx1.freebsd.org (Postfix) with SMTP id 4E09A8FC1B for ; Thu, 31 Jul 2008 20:56:40 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: (qmail 11906 invoked by uid 0); 31 Jul 2008 20:56:37 -0000 Received: from unknown (HELO box183.bluehost.com) (69.89.25.183) by outboundproxy3.bluehost.com with SMTP; 31 Jul 2008 20:56:37 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=apotheon.com; h=Received:Received:Date:From:To:Subject:Message-ID:Mail-Followup-To:References:Mime-Version:Content-Type:Content-Disposition:In-Reply-To:User-Agent:X-Identified-User; b=KwZP2UsZYorocDCEjJh3homIQILDKIzRO1h4rzwkvAZM5vVPOML7CbjAa25hdL6aQa4WODzkd1NPVBB0XdMqlveWR0kaDQ2tsgQDYZhXPaO0z5eKyT/l8R2Mlwh2QCgX; Received: from c-24-8-180-234.hsd1.co.comcast.net ([24.8.180.234] helo=kokopelli.hydra) by box183.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1KOfCO-0000Ll-EK for freebsd-questions@freebsd.org; Thu, 31 Jul 2008 14:56:37 -0600 Received: by kokopelli.hydra (sSMTP sendmail emulation); Thu, 31 Jul 2008 14:50:33 -0600 Date: Thu, 31 Jul 2008 14:50:33 -0600 From: Chad Perrin To: FreeBSD Questions Mailing List Message-ID: <20080731205033.GA6805@kokopelli.hydra> Mail-Followup-To: FreeBSD Questions Mailing List References: <4890694A.9030607@lvor.halvorsen.cc> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline In-Reply-To: <4890694A.9030607@lvor.halvorsen.cc> User-Agent: Mutt/1.4.2.3i X-Identified-User: {737:box183.bluehost.com:apotheon:apotheon.org} {sentby:smtp auth 24.8.180.234 authed with ren@apotheon.org} Subject: Re: OT: encrypted email using web based application X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jul 2008 20:56:40 -0000 --TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 30, 2008 at 03:14:50PM +0200, Svein Halvor Halvorsen wrote: > Andrew Gould wrote: > > If I start with Subject line with the word "secure" using my work's ema= il > > system, the email is sent to a secure, web based application where the > > recipients can view the message securely. The recipients receive a mes= sage > > that a secure email message is waiting for them there. They have to cr= eate > > an account based upon their email address to view the message. They do= not > > have to recreate the accounts for future messages. > >=20 > > This system is easy to use; and we don't have to worry about whether the > > recipients have PGP or GPG. Is there an open source application that d= oes > > this? >=20 > How is this secure? Ok, I can see that if the message is served over > https, then the network packages themselves cannot be sniffed > easily. But as long as the recipient did not give you the key to > use, then this is not secure. Why should the recipient trust the server? >=20 > Whether there is an open source solution, I don't know however. It depends on your definition of "secure" -- which can vary from one circumstance to another. If the emails in question are "company property", there's no reason to consider access to the emails by company officials a breach of security. On the other hand, if sensitive company information is sniffed in plain text on the network, that could be disastrous. =46rom the sound of it, the circumstances the OP described refer to such a situation -- one where strict person-to-person privacy isn't a necessary goal of relevant security concerns. --=20 Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] Scott McNealy: "Microsoft is now talking about the digital nervous system. I guess I would be nervous if my system was built on their technology too." --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkiSJZkACgkQ9mn/Pj01uKWu+wCgjnRTlQQ/ZJ6xQ+dDixGzzaHM 6Q0An3ohI17xPtj91WdH2e05v0GbIF6v =tc2A -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/--