| 1 |
On Thu, May 23, 2019 at 12:49 PM Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> |
| 3 |
> On Thursday, 23 May 2019 16:40:23 BST Dale wrote: |
| 4 |
> > Howdy, |
| 5 |
> > |
| 6 |
> > I'm trying to get some legal work done. I'm trying to do this over |
| 7 |
> > email with a lawyer. For obvious reasons, I want to do this encrypted |
| 8 |
> > but suspect they are not set up for this. |
| 9 |
> |
| 10 |
> Have you asked them? If they have some setup they use to ensure client |
| 11 |
> confidentiality and data privacy, you'd be much better off to jump onto their |
| 12 |
> system, rather than trying to negotiate the configuration of PGP and S/MIME |
| 13 |
> with legal staff who may have zero technical capability and poor/uncooperative |
| 14 |
> IT support. |
| 15 |
|
| 16 |
++ |
| 17 |
|
| 18 |
From what I've seen these sorts of systems are usually just security |
| 19 |
theater, such as emailing you a link to go to an SSL website to view |
| 20 |
the "secure" message, never mind that somebody else could do the same |
| 21 |
thing if they intercepted your email. But, it probably satisfies some |
| 22 |
box-checker because the actual message is transmitted over SSL. |
| 23 |
|
| 24 |
I think this is probably the best you're going to do if you're not |
| 25 |
communicating with people who get crypto, which is just about |
| 26 |
everybody. |
| 27 |
|
| 28 |
Otherwise the rest of the email already covered some of the details. |
| 29 |
You can just add multiple identities to a single GPG key or x509 |
| 30 |
certificate, but if they aren't already using PKI/etc that seems like |
| 31 |
a huge uphill battle. |
| 32 |
|
| 33 |
I think a corporate environment is much more likely to be using |
| 34 |
S/MIME/etc than GPG. When I've seen these there is usually a central |
| 35 |
CA that has some way to systematically assign certificates to |
| 36 |
employees. Often this is only done on request. |
| 37 |
|
| 38 |
Law firms are also notoriously bad at IT from what I've seen. I know |
| 39 |
a lawyer or two and many of these firms just let every partner do |
| 40 |
things their own way, and their individual staff follow the partner's |
| 41 |
lead. They're as bad as doctors, especially since the whole EMR thing |
| 42 |
hasn't hit lawyers in the same way. |
| 43 |
|
| 44 |
-- |
| 45 |
Rich |
Archives