Comment on Just had a hospital group employee tell me to simply email medical information
halcyoncmdr@lemmy.world 6 months ago
Encrypted mail is 100% a thing. And it is definitely used by medical personnel to send information securely.
But email is not encrypted by default, and isn’t as simple as checking a box in Yahoo or Gmail to do so.
Yeah, PGP? You cool with that? And what happens when the person on the other end uses GPG? Corrupted sig?
Most of us just quit using that shit 10 years ago. Email is insecure, everything I send is for everyone to read.
They most likely use a third party like Mimecast or the built-in encryption in Outlook. I also haven’t had an issue between PGP and GPG but I’m not a heavy user.
I don’t use Outlook, I use fucking mutt.
It is as simple as checking a box and requiring TLS encryption at the recipient’s email gateway/server.
Unfortunately TLS encryption is only from client to server.
Server to server encryption is optional. That’s where the issue lies.
And it does not mean the data is encrypted at rest.
TLS handles security for the email sent from your device until it reaches the server, and various HIPAA compliance rules mandate security for that data once it reaches that server. It’s not alarmingly less secure than other HIPAA compliant methods of communication, unless the email provider on your end has poor support for TLS emails.
Um, the transmission path for email isn’t sender client -> destination server -> destination client. Mail doesn’t go over HTTP, it has its own protocols, and takes the route sender client -> sender server -> some number of intermediate servers -> destination server -> destination client. You don’t know for certain what intermediate servers will be involved, who they belong to (often they go up through parent companies or backbone providers, then come back down again), or how they’re secured (if they’re secured). All the servers along the chain, some of which may be in a different country, have to be secure in order for the transmission method to be compliant, and that ain’t usually gonna happen.
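An added illustration of the hop-by-hop path described in the comment above (not part of the thread): this Python example reads the `Received` headers of a delivered message and reports which hops were recorded as TLS-protected. The sample message and all hostnames are constructed.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop was received over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample: newest hop first, as each server prepends its own header.
SAMPLE = """\
Received: from mx2.backbone.example (mx2.backbone.example [198.51.100.7])
    by mail.patient.example with ESMTPS id 3C; Tue, 02 Jan 2024 10:00:03 +0000
Received: from out.hospital.example (out.hospital.example [192.0.2.10])
    by mx2.backbone.example with ESMTP id 2B; Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.hospital.example (unknown [192.0.2.55])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by out.hospital.example with ESMTPSA id 1A; Tue, 02 Jan 2024 10:00:01 +0000
From: clinic@hospital.example
To: patient@patient.example
Subject: constructed test message

body
"""

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def _field(keyword, clauses):
    m = re.search(rf"\b{keyword}\s+(\S+)", clauses, re.IGNORECASE)
    return m.group(1) if m else None

def trace_hops(raw_message):
    """Return one dict per hop in chronological order, with the recorded protocol."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        clauses = strip_comments(header).split(";")[0]  # drop the timestamp part
        proto = (_field("with", clauses) or "unknown").upper()
        hops.append({"from": _field("from", clauses), "by": _field("by", clauses),
                     "proto": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw_message):
    """Hops whose receiving server did not record TLS. Headers are self-reported
    by each server, so only those added by servers you trust are reliable."""
    return [h for h in trace_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(f'{hop["from"]} -> {hop["by"]}: {hop["proto"]} ({"TLS" if hop["tls"] else "no TLS recorded"})')
```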
lena@gregtech.eu 6 months ago
The problem with this is that it’s annoying to set up, so most people don’t use it.