Re: Question from HP Labs about email vs. https

Paul R. Dittrich · ‎05-09-2002

Hello Brad,

We are already configured for e-mail, as a general purpose business solution, with scanning and corporate security policy all handled correctly.
HTTPS would be a major hassle for us to implement. We have multiple firewalls and policy forbids "skipping" them in any way, so we would have to have a server in each DMZ to do the relaying of the HTTPS.

Tell me what we can do to make e-mail work more reliably if it is failing for you. Don't push us into major network and security infrastructure changes for a single purpose not directly related to business needs.

Paul

Kurt Beyers. · ‎05-09-2002

It's more easy to setup the sendmail to relay non-local mail towards the company mail server. And thus no extra security issues are required exect that the HP server must be allowed to use the mail server as relay.

Kurt

Deshpande Prashant · ‎05-09-2002

Hi Brad
Crossing firewall is always problem here.
Need lot of approval and convincing.
Same goes with receiving emails back on HP servers. Sending out email is still ok.
Similarly running https on all boxes may not be possible.

Thanks.
Prashant Deshpande.

Take it as it comes.

Christopher Caldwell · ‎05-09-2002

Are there currently any restrictions with respect to e-mail from your production servers to HP? What are they?
- e-mail or network connectivity?
- e-mail related policies (i.e. no
root e-mail, etc)?
- privacy related to transmitted data
in the e-mail?
- disclosure of domain information in
mail headers?
- firewall configuration?
- other?

Would the HTTPS transport, if communication was initiated from the production server, do anything to ease any of these concerns? Which ones? Why or why not?

>Does it raise new concerns? What are they?
No concerns as long as implementation is trivial.

>What restrictions, if any, are there in your >environment related to HTTPS communication >from your production servers to HP?
>- network connectivity?
no restrictions (expect secure connections to be Network Address Translated (NAT'd)), so make sure the application doesn't try to do fancy things with IP
>- HTTP proxy existance/
>non-existance/configuration?
>no proxy
>- data privacy (even with secure
>HTTP?)?
No issues
>- firewall configuration?
Watch out for NAT; you can't drive TCP connections into our network

>- other?

>Any other real world insight into pros and >cons of e-mail and HTTPS transports as a >method of communication from a production >system to HP is greatly appreciated as we >design and develop our future products.

-Neither protocol is session oriented

John Bolene · ‎05-10-2002

We use Notes for ALL email and route sendmail to it.

HTTP internally is only available internally and is not routed back out.

It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com

Tim Woods_2 · ‎05-13-2002

Https would not work good for us either. It would take me a long time to get this passed through management, if I ever could.

I think e-mail is still the best solution and management won't get nearly as nervous about using it since they understand how it works for the most part. My preference would be e-mail.

Clemens van Everdingen · ‎05-13-2002

Hi,

we have a lot off customers having the same problem with this issue.
ISEE is already difficult to get stuff through firewall/proxy's etc.

So I think this will be a problem for lot of out customers.

C.

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

Steven Sim Kok Leong · ‎05-13-2002

Hi,

For my side, the firewall policies allow outbound email. Outbound https connections would require an amendment in the security policy. Also, once amended, outbound https connections are not required to be proxied.

Regards.

Steven Sim Kok Leong

Tom Dawson · ‎05-13-2002

Brad,

It seems the majority are not in favor of a https solution. Our facility is a Distribution Center/Warehouse that uses a certain package delivery service that has brown trucks. That vendor provided a https application that updates their servers with our pack list data. Other than the normal "poorly written application" problems, all I had to do was get our WAN administrator to open the https ( ssl ) port in our firewall for the production servers.

It's turned out to be a fairly smooth running application. Https was never really an issue. And we have to go through our firewall, our corporate parent's firewall, and the vendor's firewall.

Tom

Michael Tully · ‎05-13-2002

Hi Brad,

We would have a huge problem trying to
convince the powers that be of allowing
outbound https from our sites.

We currently have and use e-mail to send
messages direct from our servers and it
works well for us. We don't use predictive.

Cheers
~Michael~

Anyone for a Mutiny ?

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Question from HP Labs about email vs. https