Comments on: Time To Put Email In an Envelope

By: Duane

Duane — Fri, 16 Apr 2010 05:06:44 +0000

Sorry for sounding salesy. I’ll try to be more educationy: You can think of Voltage as the next generation of PKI with their identity-based encryption algorithm (IBE). Key management is built into the model so keys can be generated and re-generated on demand. This means that your admin costs go way down and usability is great because you can send an encrypted message to anyone with an email address…recipients don’t need to do anything first (get a cert/PGP key, etc.) Ad-hoc (non-Voltage) recipients authenticate themselves to a key server and the key is generated for them in order for them to decrypt and read their email. IBE is even on track to become a standard (RFC 5091) and you can get a lot more detail at the Voltage website or try it out yourself to understand it’s simplicity…compared to technologies that have been around for YEARS and still haven’t been easy enough to use to gain widespread acceptance.

Voltage seems to be getting a lot of traction with very large companies in a lot of industries. (probably sounding a little too marketingy again). Anyway, Voltage is definitely worth checking out.

By: Mark Draughn

Mark Draughn — Wed, 17 Mar 2010 17:10:18 +0000

Duane, you sound a bit like a member of the Voltage sales staff. I don’t know enough about encryption issues to tell if Voltage is a good solution for anything, and I’m curious about how key distribution works if you can send mail to non-voltage users. Where do you get their key?

By: Mark Draughn

Mark Draughn — Wed, 17 Mar 2010 16:48:40 +0000

It’s like living in paranoia Nirvana, handing out your PGP key to your secret friends. Do we really want to be reduced to that?

No, which is why we should give everyone our PGP key, and everyone should encrypt everything all the time. That’s the point of the envelope analogy: Encrypting your email is no more paranoid than putting letters in envelopes.

By: Duane

Duane — Wed, 17 Mar 2010 15:31:13 +0000

A really good email encryption option is Voltage SecureMail. It solves a lot of the usability challenges that existed with previous encryption technologies.

Voltage SecureMail can easily send encrypted email to anyone.

Voltage SecureMail has Outlook plug-ins or you can use a web interface for sending encrypted email. Messages are completely controlled by the sender and recipient in their sent folder and inbox. No messages are stored on servers.

Recipients don’t need any special software to decrypt and read their messages, just a browser. And recipients don’t need to pay to read their email. In fact, they even get free support from Voltage. It’s much easier to use than PGP, S/MIME or other older solutions…and just as secure…which is probably why they can afford to offer free support to their customers and recipients…unlike those other solutions.

It’s an ideal solution to help address state privacy regulations in Massachusetts and Nevada as well as the more general HIPAA, SOX, PCI requirements, etc.

There is a free trial at: http://www.voltage.com/vsn

By: shg

shg — Tue, 16 Mar 2010 21:47:11 +0000

It’s like living in paranoia Nirvana, handing out your PGP key to your secret friends. Do we really want to be reduced to that?

By: Mark Draughn

Mark Draughn — Tue, 16 Mar 2010 19:23:51 +0000

Heh. But seriously, nobody gives me their PGP keys because nobody has PGP keys because nobody cares about encryption. Except maybe Mark Bennett — he has a PGP key — but even then I doubt he has much use for it.

By: shg

shg — Tue, 16 Mar 2010 19:12:10 +0000

“But it’s not up to me, because most of the people I email haven’t given me their PGP keys.”

Do you ever wonder why the other boys won’t play with you?