Given policy 3.5f, why is there not a policy to use public-key signatures to authenticate the sender of electronic communications? This policy prescribes Outlook for email, and Outlook integrates S/MIME certificates to verify the sender's identity and to encrypt messages when necessary, such as when confidential information is involved. Do County systems not already use X.509 certificates internally, and do existing 3.1 County approved encryption methods not already support public-key signatures? Are there costs to implementing such policy that might not be apparent from outside County Center, or is it just a matter of checking a box within Outlook to verify that message senders are authentic and not spoofed?
Given policy 3.5f, why is there not a policy to use public-key signatures to authenticate the sender of electronic communications? This policy prescribes Outlook for email, and Outlook integrates S/MIME certificates to verify the sender's identity and to encrypt messages when necessary, such as when confidential information is involved. Do County systems not already use X.509 certificates internally, and do existing 3.1 County approved encryption methods not already support public-key signatures? Are there costs to implementing such policy that might not be apparent from outside County Center, or is it just a matter of checking a box within Outlook to verify that message senders are authentic and not spoofed?