[liberationtech] Identity Based Encryption
Steve Weis
steveweis at gmail.com
Tue Jun 25 12:35:05 PDT 2013
tl;dr: It depends whether you care about security or compliance.
IBE has worked in practice for enterprises who want to enforce centralized
control of encrypted messages and meet compliance regulations. These
enterprises would typically operate the private key generator, although
there are variants in the literature.
In practice, I've seen Voltage Security's IBE email offering being used for
customer emails by a few large companies. Wells Fargo and ADP are two that
come to mind. They're using IBE to meet compliance regulations when
emailing customers' account information. These businesses can recover
encrypted customer messages if they wanted to.
Voltage's product doesn't require software installation and downloads an
HTML file with JS decryption code for each message. That should be a red
flag for recipients. However, I don't think that matters to the companies
using it. They just want to show they aren't transmitting account details
in the clear.
On Tue, Jun 25, 2013 at 7:57 AM, Mrs. Y.
<networksecurityprincess at gmail.com>wrote:
>
> I'm in a position to recommend/suggest an encryption solution for email.
> The audience is *very* sensitive to privacy, but not very technical. IBE
> seems to solve this, but there are concerns with the PKG (private key
> generator) being in the cloud. Thoughts?
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130625/1d130a95/attachment-0001.html>
More information about the liberationtech
mailing list