Rich Freeman wrote: > On Thu, May 23, 2019 at 12:49 PM Mick <michaelkintz...@gmail.com> wrote: >> On Thursday, 23 May 2019 16:40:23 BST Dale wrote: >>> Howdy, >>> >>> I'm trying to get some legal work done. I'm trying to do this over >>> email with a lawyer. For obvious reasons, I want to do this encrypted >>> but suspect they are not set up for this. >> Have you asked them? If they have some setup they use to ensure client >> confidentiality and data privacy, you'd be much better off to jump onto their >> system, rather than trying to negotiate the configuration of PGP and S/MIME >> with legal staff who may have zero technical capability and >> poor/uncooperative >> IT support. > ++ > > >From what I've seen these sorts of systems are usually just security > theater, such as emailing you a link to go to an SSL website to view > the "secure" message, never mind that somebody else could do the same > thing if they intercepted your email. But, it probably satisfies some > box-checker because the actual message is transmitted over SSL. > > I think this is probably the best you're going to do if you're not > communicating with people who get crypto, which is just about > everybody. > > Otherwise the rest of the email already covered some of the details. > You can just add multiple identities to a single GPG key or x509 > certificate, but if they aren't already using PKI/etc that seems like > a huge uphill battle. > > I think a corporate environment is much more likely to be using > S/MIME/etc than GPG. When I've seen these there is usually a central > CA that has some way to systematically assign certificates to > employees. Often this is only done on request. > > Law firms are also notoriously bad at IT from what I've seen. I know > a lawyer or two and many of these firms just let every partner do > things their own way, and their individual staff follow the partner's > lead. They're as bad as doctors, especially since the whole EMR thing > hasn't hit lawyers in the same way. >
Well, I got a reply. They are not set up for encryption and don't seem to be interested in it either. There is only two of them, that I know of. It's a small town lawyer but I like the guy. Rare for me to like a lawyer. lol What I was hoping is to have two email address, one for each, but a single password. I couldn't find anything that showed that as doable so I thought I'd ask, out of curiosity if nothing else. I have to deal with a State entity for some communications and they do that send a link thing to go to a Cisco site to get/send emails. I guess it is somewhat better than just plain open email but as you point out, if they have the email with the link, they do the same as the intended recipient and get the encrypted email too. They are building a new cell phone tower but have not turned it on yet. They working on it tho. I'm hoping I'm not so close that I can't get a signal from it, umbrella effect I think it is called. Anyway, the best way to get me is email. Most of the time my cell has no signal. For that reason, I wish Lawyers, Doctors and some others would use some sort of secure messaging system so that I can do things without being snooped on. Sadly, other than the State entity mentioned above, no one else does this. To be honest, the only reason I set up encryption is that I have one friend who wants to do it that way and won't send emails unless they are. It doesn't matter what is in it either. Since I have it tho, I wish more would use it. There are times when I need to do things or even send attachments that I wouldn't want everyone seeing. I'm not sure why people who deal with sensitive info won't get some secure way of emailing. It's weird to me. At least I have my answer and learned a few other things as well. Thanks to all. Dale :-) :-)
