GnuPG between Sendmail servers

Oliver Schönrock
Wed Apr 3 20:16:02 2002

Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--On 03 April 2002 19:50 +0200 Adrian 'Dagurashibanipal' von Bidder=20
<> wrote:

> I'd ask myself if it wouldn't be easier to set up a VPN (IP/Sec with
> S/WAN or something like that) and have the network take care of
> encryption.

Wow, great responses with many ideas.

So we have

1. G-N-U Gmbh's GEAM (=3D Geam Encrypts All Mail) server
2. Sendmail itself V8.11+, using STARTTLS
3. ssmail for sendmail with dynamic key generation
4. and VPN/IPSec based solutions

I had thought of No 4 when I first came across this app, but have been=20
advised that keeping VPNs up and running long term can involve a lot of=20
work and no guaranteed success. Also it seemed more logical to use an=20
"asynchronous" secure connection (sorry if that's not the right term) for=20
what is an asycnhronous process, rather than trying to keep a VPN live 24/7 =

for infrequent and peaky mail traffic. That's when I started looking at =

ssmail sounds quite cool also, but I not sure that the key per email is=20
good for my application since I need remote control of the operation (ie=20
the keys). If someone understands this better, please let me know.

Sendmail itself with TLS is obviously a great option, my question here (to=20
save me some time reading the whole manual before I even think about making =

a decision) would be: "does sendmail/STARTTLS allow for remote allocation=20
of keys. In other words can I control the operation of the secure comms=20
remotely?" Any shared prior knowledge would be much appreciated.

Lastly, the GNU GEAM server, while obviously not as native as the Sendmail=20
solution might provide management services suited to my app which may=20
outweigh is disadvantages.
-Is anyone familiar with what GNU provides over sendmail/STARTTLS?
-Is their a difference in the level of security of TLS vs GnuPG/GEAM?
-Is their more flexibility of adding single clients into the secure network =

(which may be a requirement for my app)?

Thanks again


Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

Version: GnuPG v1.0.6-2 (MingW32)