1 |
On Thu, May 23, 2019 at 12:49 PM Mick <michaelkintzios@×××××.com> wrote: |
2 |
> |
3 |
> On Thursday, 23 May 2019 16:40:23 BST Dale wrote: |
4 |
> > Howdy, |
5 |
> > |
6 |
> > I'm trying to get some legal work done. I'm trying to do this over |
7 |
> > email with a lawyer. For obvious reasons, I want to do this encrypted |
8 |
> > but suspect they are not set up for this. |
9 |
> |
10 |
> Have you asked them? If they have some setup they use to ensure client |
11 |
> confidentiality and data privacy, you'd be much better off to jump onto their |
12 |
> system, rather than trying to negotiate the configuration of PGP and S/MIME |
13 |
> with legal staff who may have zero technical capability and poor/uncooperative |
14 |
> IT support. |
15 |
|
16 |
++ |
17 |
|
18 |
From what I've seen these sorts of systems are usually just security |
19 |
theater, such as emailing you a link to go to an SSL website to view |
20 |
the "secure" message, never mind that somebody else could do the same |
21 |
thing if they intercepted your email. But, it probably satisfies some |
22 |
box-checker because the actual message is transmitted over SSL. |
23 |
|
24 |
I think this is probably the best you're going to do if you're not |
25 |
communicating with people who get crypto, which is just about |
26 |
everybody. |
27 |
|
28 |
Otherwise the rest of the email already covered some of the details. |
29 |
You can just add multiple identities to a single GPG key or x509 |
30 |
certificate, but if they aren't already using PKI/etc that seems like |
31 |
a huge uphill battle. |
32 |
|
33 |
I think a corporate environment is much more likely to be using |
34 |
S/MIME/etc than GPG. When I've seen these there is usually a central |
35 |
CA that has some way to systematically assign certificates to |
36 |
employees. Often this is only done on request. |
37 |
|
38 |
Law firms are also notoriously bad at IT from what I've seen. I know |
39 |
a lawyer or two and many of these firms just let every partner do |
40 |
things their own way, and their individual staff follow the partner's |
41 |
lead. They're as bad as doctors, especially since the whole EMR thing |
42 |
hasn't hit lawyers in the same way. |
43 |
|
44 |
-- |
45 |
Rich |