[CS-FSLUG] more help - secure e-mail data?

Tim Young Tim.Young at LightSys.org
Sat Mar 12 12:16:11 CST 2005 

Hi Ron,
Sorry I did not respond sooner.  I have been working with secure email of
various sorts for a number of years, in particular in conjunction with mission
organizations.

With secure email you have a few issues to look at, not just "how is it
received."  You need to look at the email circuit as a whole and see what you
can do to encrypt as much of it as possible.

There are two main types of encrypted email, content based encryption (pgp,
gpg) and stream based encryption (SSL, vpn, etc).  There are good things and
bad things about each of these.  But the first thing you will need to look at
is, "where is the email originating?".  Does a site in the USA receive the
satellite positioning information and email it, or does the email originate
in-country?  And what sort of encryption can the originating server do?

The reason for this is basically that if only part of the email trip is over
encrypted lines, then part of it is not.  It is often better not to have any
encryption and realize that there is none, than to think you are being secure,
but only having armor on half of the body.

If the email originates within a "safe" country and goes directly to a secure
server within that same safe country, then that is usually considered secure.
If it travels outside the country of origin and through a few "unsafe" or
"unknown" countries before reaching the server that provides encryption for the
trip into the target country, this is a potentially "dangerous" position.  It
is not always a really bad position, but an unsafe one.  You need to think
carefully about who could benefit (or harm you) from having access to the
locations of the planes.  And if that information is available to them through
any of the path that the email goes while "insecure", then you should not use
that path.

At one time Hushmail had backup servers in one or two other countries.  I am
not sure where they are at now.  There are a number of good, secure email
servers that you can have access to, and it is not all that difficult to set
one up for yourself.  For this particular purpose, you could use a small Linux
box with a self-signed certificate to provide a secure mail server for this
task.  If the email originated in the USA, it is easy to set up a small server
in the USA and would be considered fairly secure, downloading the encrypted
email into another country.  You would have the cost of the server and the
domain registration, but that would be the extent of the financial cost.
(there is always the cost of maintaining the server which needs to be
considered.)  And then, services like Hushmail may also do the job nicely.

Anyway, that is the short of it.  If you would like greater details about
secure email I have a workbook in PDF that I could send you that chapter of.
It explains in greater detail a lot of the issues for secure email in general
with an emphasis on the missionfield.

Blessings,

    - Tim Young, Field Consultant
    LightSys Technology Services
    www.lightsys.org

"R. Thompson" wrote:

> And again I turn to the list for help :-)  I'm glad you're there.
>
> I've been doing some research work for a mission, who are looking at
> using one of the satellite vehicle tracking systems to track their
> aircraft.  As some of their bases of operation are remotely located the
> only internet access they have is slow.  They have the option of
> installing the tracking software and maps on their own PCs and receiving
> the the position reports (every few minutes) via e-mail.  They are
> concerned about the security of the data in the e-mail, they do not want
> unauthorized persons getting access to aircraft locations and
> movements.  What should they be looking for, is there such a thing as
> encrypted or secure e-mail?
>
>      Ron T.
> --
> Ron G. Thompson, |^|
> Prince Albert, Saskatchewan, Canada
> www.petomai.org   ron at petomai.org
> "Who are these that fly as a cloud, and as doves to their window?" Is
> 60:8
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com

More information about the Christiansource mailing list