KU’s digicert SMIME email; my memo

Posted on 2012/05/15 by pauljohn

Here's the gist of it: You can sign up through KU for a Digicert certificate to secure email within KU. There's no excuse anymore for sending secure information in email without encryption.

Longer explanation

For securing email communications, there are 2 leading approaches, PGP and S/MIME. Both of these systems give the user a
"two part" security system. A private part, that you use to "decode" messages, and a public part, that others use to encrypt messages to you and to verify your identity when you send messages to them. I now have both of them set up in my computer. Contrary to the KU website, it is not necessary to use Outlook as your mail client and you need not have
Windows or Macintosh to make this work.

PGP is what I use most of the time because its is free and fairly widely used throughout the world. I've been using
Thunderbird for email for a long time and an addon called "Enigmail" works with PGP. When I want to send email to
people, I go check on a public PGP key server, such as http://pgp.mit.edu. For WIndows users, there is a free/open
implementation gpg4win and a PGP key manager program called Kleopatra that comes with it.

KU decided to go in a different direction.

The S/MIME system is based on SSL certificates. One's email program can be configured to use either/both PGP and
S/MIME. Until now, I avoided S/MIME because secure certificates are expensive. If you buy one for yourself personally,
the price can be substantial. KU has arranged with the Digicert company to create certificates, however, so for faculty
and staff, it is free to get a certificate pair.

Now that this system exists, and is integrated into the KU Outlook mail server system, it seems to me you have no excuse
for using plain old insecure email when you are communicating about budgets and ID numbers. Please go here and sign up
for certificates. Lets see if we can make encrypted mail work.

http://www.technology.ku.edu/ca/digicert/index.shtml

What's the down side? KU's not paying for the certificates for students, and they certainly don't provide the
certificates for people at other institution. So I still use PGP more often than S/MIME (Digicert), but I need to have
both because KU administrators think that the S/MIME system is preferred.

pj

About pauljohn

Paul E. Johnson is a Professor of Political Science at the University of Kansas. He is an avid Linux User, an adequate system administrator and C programmer, and humility is one of his greatest strengths.
This entry was posted in Uncategorized and tagged . Bookmark the permalink.