Re: [mailop] GDPR and SMTP in general

2018-05-27 Thread SM
Hi Paul, At 03:40 AM 25-05-2018, Paul Smith wrote: I wish that was the case, but it's not what GDPR says, certainly for SMTP relay services The organization running the service would be the "processor". Did you ask the ICO whether there is any guidance for a SMTP service? Regards, -sm

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Large Hadron Collider
I suspect in practice they are going to DTRT and only enforce against violations of the spirit. On 05/25/2018 10:14, Rolf E. Sonneveld wrote: Hi, Paul, On 25-05-18 11:46, Paul Smith wrote: I've been going through some GDPR stuff. Amongst other things, we provide SMTP relay services to some

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Grant Taylor via mailop
On 05/25/2018 04:49 AM, Paul Smith wrote: If the software can decrypt its own encrypted data automatically, then the decryption key/method is on the PC, so not going to stop a determined attacker. I don't know if this exists or not, but I could see how files (independently of disk

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Grant Taylor via mailop
On 05/25/2018 04:32 AM, Leo Gaspard via mailop wrote: Just for the record, OpenSMTPD supports queue encryption with the `queue encryption` option. Nice. I'll have to look into that, particularly how it does things. I'm assuming that it encrypts / decrypts individual files / message stores.

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Brandon Long via mailop
Encryption of data stored on disk that is resistant to these types of attacks is not impossible, assuming that the keys are stored somewhere else. The pieces are mostly available, from trusted boot through software attestation and more. I won't say what we do is impossible to break, but it's

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Anne P. Mitchell Esq.
> On May 25, 2018, at 4:40 AM, Paul Smith wrote: > >>> But, how it interacts with email, it all seems to get very horrible. I >>> suspect the *intention* is OK, but I'm struggling with the actual >>> regulations. >>> >> Whilst this specific article (written by Andrew

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread David Hofstee
Hi, There is a difference between being a "processor" and "telecommunications". The telecommunications laws are different, more strict sometimes. I know what the difference was in Dutch law, not sure in the EU area. Yours, David On 25 May 2018 at 15:51, Renaud Allard via mailop

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Renaud Allard via mailop
On 05/25/2018 12:14 PM, Rolf E. Sonneveld wrote: Yes, dealing with exactly the same kind of problem(s). One of my customers asks me to sign for the fact that mail is encrypted when handling it. However, using standard MTA software, messages that are in the queue waiting to get delivered,

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Ray Van Dolson
On Fri, May 25, 2018 at 12:13:15PM +0100, Jeremy Harris wrote: > On 25/05/18 11:49, Paul Smith wrote: > > Disk encryption is great on a laptop. Not sure it is anywhere else. > > It does mean you don't have to secure-destroy that sour disk you > swapped out from the raid set. This is the main

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Jeremy Harris
On 25/05/18 11:49, Paul Smith wrote: > Disk encryption is great on a laptop. Not sure it is anywhere else. It does mean you don't have to secure-destroy that sour disk you swapped out from the raid set. -- Jeremy

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Paul Smith
On 25/05/2018 11:22, Stefano Bagnara wrote: On Fri, 25 May 2018 at 11:55, Paul Smith wrote: [...] If someone sends a message from the UK to someone in the USA, by definition, we must send that email outside of the EU. When we send the email, we are sending personal data (eg

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Paul Smith
On 25/05/2018 11:14, Rolf E. Sonneveld wrote: Yes, dealing with exactly the same kind of problem(s). One of my customers asks me to sign for the fact that mail is encrypted when handling it. However, using standard MTA software, messages that are in the queue waiting to get delivered, are

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Paul Smith
On 25/05/2018 11:33, Graeme Fowler wrote: On 25 May 2018, at 10:46, Paul Smith wrote: But, how it interacts with email, it all seems to get very horrible. I suspect the *intention* is OK, but I'm struggling with the actual regulations. Whilst this specific article (written

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Graeme Fowler
On 25 May 2018, at 10:46, Paul Smith wrote: > But, how it interacts with email, it all seems to get very horrible. I > suspect the *intention* is OK, but I'm struggling with the actual regulations. Whilst this specific article (written by Andrew Cormack of Jisc UK) pertains to

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Leo Gaspard via mailop
On 05/25/2018 12:14 PM, Rolf E. Sonneveld wrote: > Yes, dealing with exactly the same kind of problem(s). One of my > customers asks me to sign for the fact that mail is encrypted when > handling it. However, using standard MTA software, messages that are in > the queue waiting to get delivered,

Re: [mailop] GDPR and SMTP in general

2018-05-25 Thread Rolf E. Sonneveld
Hi, Paul, On 25-05-18 11:46, Paul Smith wrote: I've been going through some GDPR stuff. Amongst other things, we provide SMTP relay services to some customers, so are a 'Data Processor' under GDPR. In itself, that's OK as our own operations are GDPR compliant. But, how it interacts with