[Hidden-tech] Encryption question?

[RA Cohen]

Everyone has the same problem: how to securely communicate with others. If you 
know the party and communicate with them routinely, then pgp keys can be 
exchanged and a variety of email clients will more or less work with this. 
However, how do you do this when the party is new, doesn't want, or can't 
exchange keys? The answer is: Secure Messaging.

In its simplest form, the document/information you need to deliver lives on a 
server in your control. You simply send the receiving party a SECURE LINK to 
the document. They get to it thru an ssl browser session, and voila, you are 
done. It never travels the email universe (only the secure link does). When 
your recipient clicks on the link you can also have varying levels of 
security, from no login required, to a username and password combination.

When you combine this with secure and audit-trail producing storage, you have 
a win/win combination.

There is at least one product with these capabilities I wholeheartedly 
recommend: KnowledgeTree. And there is a community/open source version I use 
regularly.

Hope this hasn't confused the discussion,

-Roy


On Fri March 12 2010 09:32:18 Roger Williams wrote:
>    ** Be sure to fill out the survey/skills inventory in the member's area.
>    ** If you did, we all thank you.
> 
> >>>>> Kevin Phillips <kevin at kpitconsulting.com> writes:
>   >
>   > Zixmail is OK for email encryption that integrates with Outlook or can
>   > run stand alone.
> 
> If you need to use Outlook, you're still better off using GnuPG.  The last
>  I knew, Gpg4win still didn't work properly with Outlook 2007 (it works OK
>  with earlier versions), but there are other Outlook 2007 plugins like
>  OutlookGnuPG (http://www.cumps.be/gpg-in-outlook-2007-outlookgnupg/).
> 
> I can't recommend Zixmail for any application other than perhaps dedicated
> intra-company low-grade encryption and time-stamping.
> 
> It's a proprietary product, from a company that's refused to disclose their
> security algorithms for review in the cryptography community, with a FAQ
>  that reeks of snake oil.
> 
> Worse, anything you send via the Zix "feature" that claims to deliver
>  secure mail to non-users will be decrypted by a public server before being
>  sent to its destination via an SSL-secured browser connection.  Calling
>  this level of security "casual" would be very charitable.  PGP
>  self-decrypting archive files are many orders of magnitude more secure,
>  even if the pass phrases you make up are only "average quality".
> 
> Unfortunately, doing encryption right is a difficult job, and Zix has
>  erected as many obstacles as they can to doing it right.  Zix is just
>  another PGP replacement that falls way short of the mark for both security
>  and utility.
> 

-- 
413-223-9007 opt 1
www.net-vantage.com

Our Mission:

"Providing the same technology advantages enjoyed by large organizations to 
small and medium-sized businesses, professional practices, schools, and non-
profits, at a realistic and practical cost."