RE: Using TLS to Secure Email

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Feb 2005 12:00:15 -0500

I saw this one after the other post.

If you're just going to do this for a few offices, TLS might work out just
fine.  If you're going to go over that, or if you're worried that somebody
might mis-type the address (destination vs. policy encryption) then this
won't do much good.  

Typical compliance-induced architecture wants the solution to be able to
work regardless of employee mistakes.  For operational ease of use, you
would often also want the solution to work without user intervention and
have it be used for many data types vs. everything.  

TLS is for everything between two servers.  What if the destination has
multiple mail servers?  Or if they change mail servers due to some upgrade,
etc.?  TLS is often more restrictive than everybody is willing to deal with and
requires some care and feeding as nodes change. TLS also doesn't understand
policy or content, so you get an all-or-nothing solution with TLS.

I would try not to use TLS if I could help it, for external communications.
It's not granular enough nor able to deal with mis-typed emails and so
forth.  Instead I'd look for something that had policy- and content-based
intelligence and could apply encryption etc. to messages based on criteria I
set. 


My $0.04 anyway.

Al

-----Original Message-----
From: Kevin Bachelder [mailto:kbachelder@xxxxxxxxxxxxxx] 
Sent: Monday, February 28, 2005 10:30 AM
To: [ExchangeList]
Subject: [exchangelist] Using TLS to Secure Email

Hi all,

I am the IT manager for a small company and a handful of our clients are
medical offices.  I have been looking into server-based solutions to secure
our email communications in light of the upcoming HIPAA security deadline.
Unfortunately, many of the good products (i.e. easy to use) cost several
thousand dollars.  I have done some research and it looks like using TLS
(Transport Layer Security) between our email server and our recipients'
server would do the trick and would not be that expensive to implement.

Has anyone else used this approach or care to comment on this idea?


Thanks in advance for your time and feedback,

Kevin Bachelder 

