PGP or SSL

[CarlZ]

For a small office environment primarily email, which of the above would be
most advisable

Thanx

CR

 

[Allan]

For a small office environment primarily email, which of the above would
be most advisable

Thanx

CR

Your question is not well defined, therefore my best answer would be "both"
are advisable. Why do you want PGP for email? Can you use GNU gpg ? Is there
a server? I think you need all the security you can get these days.

 

[Thor Kottelin]

Hello CR,

You wanted to know whether PGP or SSL would be better for your small
office environment.

A mail server running SSL encrypts the message during transit (SMTP
submission, IMAP, POP3 and/or https). It will probably also protect your
login password from sniffage. However, your message will probably be
stored in the clear. Also, not many MX hosts support what is known as
opportunistic encryption; your message will therefore likely travel in the
clear as it leaves your server.

PGP allows for end-to-end encryption of the message body; in other words,
the message body will remain encrypted during almost its entire existance.
However, PGP will not protect your message headers (e.g. "From:", "To:",
"Subject:") nor your password.

My suggestion is to consider using both PGP and SSL, since they perform
different duties, both important.

Good luck,

--
Thor Kottelin
CISM, CISSP
telefax +358 102 961 064
(e-mail address removed), PGP 0x327B7345
http://www.anta.net/