If you are trying to secure "data in transit", then TLS for email works the same as TLS (aka SSL) for websites. You need to trust their certificate issuer (CA), and they need to trust yours. Key exchange happens "automagically"
Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Jimmy Tran Sent: Thursday, 24 April 2014 1:31 AM To: [email protected] Subject: [NTSysADM] RE: is email over SSL same as email encryption? After doing some more reading, it looks the sender and recipient needs to exchange keys for this to work. To the members here who have to be HIPPA compliant for email, do you mind sharing what you have in place? Do you use a 3rd party to handle this? How do you communicate with users outside your organization and also be compliant? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jimmy Tran Sent: Wednesday, April 23, 2014 8:19 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] is email over SSL same as email encryption? I ask this because I have a client who wants to be HIPPA complaint with patient communication. I don't know much about compliance with email except that the email needs to be encrypted. Currently, they use email hosted by bluehost via imap and over SSL. This just means the connection to bluehost is encrypted, but by the time it hits the patient's inbox, it is no longer encrypted correct? TIA, Jimmy
