Suppose two people exchange messages using symmetric encryption; every time they communicate, a session key is generated that encrypts the message using a protocol that handles session keys like SSL. They could, alternatively, use PGP to exchange messages. Do you think in this scenario that PGP or symmetric encryption would offer better security?
It depends on how trusted the local environment is. Symmetric encryption will ensure non-disclosure between "systems" by encrypting all message packets between mail servers using a shared encryption key. PGP ensures non-disclosure of an individual message by encrypting the actual message and making it viewable only by the sender and recipient. PGP is a bit more flexible as it can be used when the message traverses an unsecured network channel between two systems or even if the recipient is on the same system. As a general guideline, if you have a trusted messaging environment, but the network between servers is in question, then symmetric encrypted sessions like SSL will work. If you're exchanging messages that are so sensitive in nature that even the messaging system administrators shouldn't have access to the message content, like legal or executive communications, I'd use PGP.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.
Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most...
A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.