JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for GP-UK Archives


GP-UK Archives

GP-UK Archives


GP-UK@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

GP-UK Home

GP-UK Home

GP-UK  March 2009

GP-UK March 2009

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: FOIA - Re: Enquiry re NHS Mail system

From:

Peter von Kaehne <[log in to unmask]>

Reply-To:

GP-UK <[log in to unmask]>

Date:

Sat, 7 Mar 2009 11:00:05 +0000

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (166 lines)

This is the response I finally received. It took them a lot longer than 
the 20 days to come up with it. And I forgot to post it here. Sorry.

-------------------------------------------------

Mr von Kaehne,

Following an exchange of emails with Will Moss, our NHSmail programme head,
on a number of technical issues concerning access to NHSmail by
non-Microsoft users, you have expressed dissatisfaction with the answers Mr
Moss provided.  In an email of 16 January you asked that what you have
interpreted as a decision by NHS Connecting for Health to withhold
information be reconsidered. On Mr Moss' behalf, I am now replying to that
request, for reasons that I trust will be clear from the details of my
signature block below.

The FOI Act obliges public authorities to respond to requests for
information promptly, and in any case no later than 20 working days after
receiving your request.  I very much regret, and aplogise for, the fact
that we have failed to meet that deadline on this occasion.  Let me assure
you that the reasons for this are in no way due to lack of urgency in
attening to the matter on Mr Moss' part.

I set out below your original questions, and am now able to provide
additional information/explanations.

1: Are you going to provide IMAP/POP3/SMTP/LDAP access to users outside of
the N3 network? If not, why not?

Yes. IMAP and POP access is available to NHSmail users over the internet
via the Whale / IAG (VPN) client (available for download at
https://client.nhs.net)


2: If you provide such access, is such access inextricably tied to using
Internet Explorer on Microsoft Windows connecting via Whale Communications'
applet to a SSL based VPN?

No. NHSmail can be accessed via browsers other than Microsoft Internet
Explorer.  The Whale / IAG VPN is currently being tested against
non-Windows based platforms


3: Or will there be the possibility to connect from non Microsoft Computers
to this SSL based VPN - even if no explicit support is provided beyond the
bare settings? If not, why not?

The Whale / IAG VPN is currently being tested against non-Windows based
platforms. If this testing shows that non-Windows platforms are able to use
the Whale / IAG VPN securely within the security design of the NHSmail
service users will be informed but any such use will not be supported


4: Are you aware that eGIF mandates standards based provision of services
like email, i.e. IMAP, POP3 and SMTP?

In your response of 16th January 2009 you pointed out that section 4 of
eGIF (version 6.2) states ‘e-mail products that provide advanced mail
access facilities shall conform to IMAP for remote mailbox access.  For
completeness the full relevant reference is reproduced below:



(Document available at:
http://www.govtalk.gov.uk/documents/TSCv6.2_2005_7_14_final.rtf )

However, a key point to note is that section 2.3 of the interconnection
section of e-Government Interoperability Framework states:

      “Within government, the norm will be to use the intrinsic security
      provided by the Government Secure Intranet (GSI) to ensure email
      confidentiality. Unless security requirements dictate otherwise,
      outside the GSI and other secure government networks one of the
      following shall be used: S/MIME or secure mail transport and secure
      mail access standards protected using at least 128 bit TLS/SSL
      connections.”

(Document available at: http://www.govtalk.gov.uk/documents/eGIF%20v6_1.rtf
)

As you know the NHS does not use the GSI to connect NHS Organisations but
has its own private intranet by way of N3. As stated in Mr Moss’ previous
response POP, IMAP and SMTP access is fully available over the N3 network
with transport layer security.  The intrinsic security provided by N3 with
transport security enables IMAP, POP and SMTP to be provided over N3 and to
meet the security requirements of the service.

Over the Internet the security requirements for POP, IMAP and SMTP access
cannot be satisfied without the use of the additional security products
supplied.  The security requirements of the service are met via the
following access methods with no need for any additional security products:

      - Browser based access with Internet Explorer, Mozilla Firefox and
      Safari
      - Outlook anywhere with Microsoft Outlook 2003 and 2007
      - Entourage for Exchange Web Services (unsupported)


In your 16 January email you have asked :
Please provide me with all information relevant to the decision to
explicitly deny access to non Microsoft users to the email services beyond
the Web mail access, given that the eGIF document states that IMAP should
be provided.

It should be clear from the above explanations that no such decision has
been taken.

You further asked : Please provide any and all technical information which
would allow non Microsoft users to gain legitimate access to NHSnet via
IMAP, POP3, SMTP and LDAP from outside of N3, even if you have decided to
not provide explicit technical support to such a solution.

Relevant information is contained at pages 80 ff in the document, NHSmail :
Email Configuration Guide version 1.4, viewable at :

http://nww.connectingforhealth.nhs.uk/nhsmail/technology/Email.pdf

In my view all the questions you have raised to date in your emails to Mr
Moss have now been answered in full.

If you are unhappy with the way we have handled your request, you may ask
for an internal review. If you wish to complain, you should contact

Section head
The FOI Unit
Room 334B
Skipton House
80 London Road
LONDON
SE1 6LH

Email: [log in to unmask]

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a decision.
The Information Commissioner can be contacted at:
      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF

If you have any queries about this letter, please contact me.

Yours sincerely

Keith Paley



***********************************************************************
This  message  may  contain  confidential and  privileged  information.
If you  are not the  intended recipient  you should not  disclose, copy
or distribute information in this e-mail or take any action in reliance
on its contents.  To do so is strictly  prohibited and may be unlawful.
Please  inform  the  sender that  this  message has  gone astray before
deleting it.  Thank you.

2008 marks the 60th anniversary of the NHS.  It's an opportunity to pay
tribute to the NHS staff and volunteers who help shape the service, and
celebrate their achievements.

If you work for the NHS  and  would like  an NHSmail  email account, go
to: www.connectingforhealth.nhs.uk/nhsmail
***********************************************************************

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
March 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
1996


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager