Hi Adrian,
On Sat, 2004-06-26 at 21:23, Adrian Midgley wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Saturday 26 June 2004 15:36, Sean Radford wrote:
>
>
> > Then I noticed their 'Clinical Email' system and can't quite believe
> > that I'm not forced into SSL again! How can I 'safely send sensitive,
> > clinical data' (in their words) then?
>
> Hi Sean.
>
> You know and I know that the answer is "by encrypting the clincial data using
> a suitably strong encryption system, for the user or Practice/department it
> is intended to be read by" and that GNU Privacy Guard is the best appraoch to
> that, although PGP woudl do at a pinch.
>
I agree totally that their approach is really not appropriate and that
the technologies you mention (or in my view, even better SPKI) are
really what's needed.
My main issue is that they appear to have made a such a school-boy error
that should never have got past any form of testing. And if that is the
case, then how confident can anyone be as to the quality of the system
that we cannot see...
Makes me a little angry.
Sean
>
>
> - --
> Adrian Midgley (Linux desktop)
> GP, Exeter
> http://www.defoam.net/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
>
> iD8DBQFA3dswb80am9d/StcRAoHgAJ9+FPnaEzpGjAXAjesw9nXGjU554wCdEaT/
> XqbtNhPwEnWlL9IiPpIYH3k=
> =mcwM
> -----END PGP SIGNATURE-----
--
Dr. Sean Radford, MBBS, MSc
[log in to unmask]
http://bladesys.demon.co.uk/
|