Suppose two people exchange messages using symmetric encryption; every time they communicate, a session key is generated that encrypts the message using a protocol that handles session keys like SSL. They could, alternatively, use PGP to exchange messages. Do you think in this scenario that PGP or symmetric encryption would offer better security?
It depends on how trusted the local environment is. Symmetric encryption will ensure non-disclosure between "systems" by encrypting all message packets between mail servers using a shared encryption key. PGP ensures non-disclosure of an individual message by encrypting the actual message and making it viewable only by the sender and recipient. PGP is a bit more flexible as it can be used when the message traverses an unsecured network channel between two systems or even if the recipient is on the same system. As a general guideline, if you have a trusted messaging environment, but the network between servers is in question, then symmetric encrypted sessions like SSL will work. If you're exchanging messages that are so sensitive in nature that even the messaging system administrators shouldn't have access to the message content, like legal or executive communications, I'd use PGP.
Dig deeper on Email Security Guidelines, Encryption and Appliances
Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.continue reading
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise.continue reading
Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.