lst_hoe02(a)kwsoft.de wrote:
This guy has completely overlooked the policy settings possible with
Djigzo:
S/MIME gateways can create fatal security breakdowns | CSO Online
The advantages he counts for EchoWorx mostly are present in Djigzo as
well if i understand it correctly??
I have a mixed feeling about the article. In the article he refers to he
asked for solutions to allow virus scanning of S/MIME encrypted
messages. Because an S/MIME encrypted message can only be opened with
the correct key you somehow need to decrypt the message just before
virus scanning. There is no free lunch, you either cannot scan the
message or you have to decrypt it. He then 'complains' in the article
that the message is decrypted before virus scanning. The EchoWorx
solution he prefers is afaik more-or-less a webmail solution. A link is
sent to the recipient via email. The user clicks the link and can open
the message online. The message is not encrypted and the message itself
is stored online on the EchoWorx server. If this server is hacked all
email will be accessible.
ยทยทยท
--
Djigzo open source email encryption
Zitat von Martijn Brinkers <martijn(a)djigzo.com>:
lst_hoe02(a)kwsoft.de wrote:
This guy has completely overlooked the policy settings possible with
Djigzo:
S/MIME gateways can create fatal security breakdowns | CSO Online
The advantages he counts for EchoWorx mostly are present in Djigzo as
well if i understand it correctly??
I have a mixed feeling about the article. In the article he refers to he
asked for solutions to allow virus scanning of S/MIME encrypted
messages. Because an S/MIME encrypted message can only be opened with
the correct key you somehow need to decrypt the message just before
virus scanning. There is no free lunch, you either cannot scan the
message or you have to decrypt it. He then 'complains' in the article
that the message is decrypted before virus scanning. The EchoWorx
solution he prefers is afaik more-or-less a webmail solution. A link is
sent to the recipient via email. The user clicks the link and can open
the message online. The message is not encrypted and the message itself
is stored online on the EchoWorx server. If this server is hacked all
email will be accessible.
Of course the whole Gateway thing is two-sided, but the paragraph i
refer to was this one:
I don't know about you, but when I'm doing S/MIME, I tend to make
mistakes. >Every now and then, I forget to encrypt messages to
people that I should. Most >S/MIME clients don't make it easy to
create rules that enable S/MIME for some >recipients and not for
others. It's either all or nothing, or it's manual. And >when it's
manual, people make mistakes. So I like that EchoWorx takes care of
>the policy issue as well. Solving that problem alone is enough to
make me >overlook the other end-to-end problems.
This sounds like he has not notice that Djigzo is able to do policy
based decisions as well...
Regards
Andreas