Hi,
I have been thinking of trying to get Djigzo to function as an
unofficial third implementation of the new NHIN Direct standard (which is
how most doctors in the United States will do direct messaging starting next
year)
However, I would want to get a confirmation that the Djigzo
project will accept patches I make to the codebase for this purpose. I do
not really have that much time to work on this, and if I do contribute I
want to verify that it is not in vain.
Are there examples of patches to Djigzo from the community that
have been accepted into the Djigzo tree? I need to determine, quickly if
this is a "collaborative" project or merely an "openly developed" project.
Thanks,
-FT
--
Fred Trotter
http://www.fredtrotter.com
We are already utilizing this to send encrypted messages for sensitive information to federal government facilities. It works, and complies with federal FISMA regulations, which works with us and our clients in Washington, D.C.
However...
As we also perform work for a client within the Healthcare sector, I checked with their information security department, and the verbiage states "reasonable security measures be taken" under the provisioning of HIPAA. Essentially, you *could* utilize this program for ePHI file/data transfers, but I would *not* recommend it, due to the legal implications of ePHI being leaked or intercepted during transmission.
Just my thoughts...
Bob Radvanovsky, CIFI, CISM, REM, CIPS
Infracritical, Inc. - "Your Infrastructure, Their Future"
rsradvan(a)unixworks.net | rsradvan(a)infracritical.com | bob(a)infracritical.com
(630) 673-7740 | (412) 774-0373 (facsimile)
----- Original Message -----
From: "Masonis, Travis M" [mailto:tmasonis@noyes-hospital.org]
To: users(a)lists.djigzo.com
Subject: Re: [Djigzo users] Regarding NHIN Direct
> This subject is relevant to my interests and uses for the product also.
> I think there is enormous potential for this product in the healthcare
> arena.
>
> Travis Masonis
> CCNA, CCDA, MCSE, CEH, Security+
> Director, IT Infrastructure
> Noyes Memorial Hospital
>
No, I *do* "get it". I work as a contractor for a large healthcare provider here in Illinois.
The NHIN is an outreach program similar to HSIN. I am involved in IT, control systems (SCADA), energy, transportation, and food. Look me up on Amazon.
I'm published on many of these topics:
here...http://www.amazon.com/Critical-Infrastructure-Homeland-Emergency-Pre…here...http://www.amazon.com/Critical-Infrastructure-Homeland-Emergency-Pre…
and, here...http://www.amazon.com/Transportation-Systems-Security-Allan-McDougal…
Oh, and BTW, I had access to ARPANet long before most people had access to "The Intenet". I have been in IT since 1978. Many people don't know where "bootstrap" came from -- I *do*. ;P
Back to NHIN...
There are many "subnet'd private networks" that exist out there. SIPRNET and NIPRNET are prime examples of this. NHIN is (probably) an extension of HSIN. Currently DHS is doing some "cleaning house" on their network. Maybe I need to call some of my contacts within DHS and ask...
-rad
P.S. Smile...I'm on *your* side... ;)))
----- Original Message -----
From: fred trotter [mailto:fred.trotter@gmail.com]
To: Bob Radvanovsky [mailto:rsradvan@unixworks.net]
Cc: "Masonis, Travis M" [mailto:tmasonis@noyes-hospital.org], users(a)lists.djigzo.com
Subject: Re: [Djigzo users] Regarding NHIN Direct
> To Bob and Travis,
>
> Ummm.. You guys do not get it.
>
> The United States Government started the Internet by bringing up a core
> network and then giving access to that core to academia and industry.
> Eventually this morphed into the Internet. This was the transition from the
> Arpanet -> Internet.
>
> Based on that model, the Us Govt is starting a core health information
> exchange network called the NHIN, or National Health Information Network. As
> before they will allow private citizens to connect to this core network. The
> data of every veteran treated in the VA, (which is the largest single health
> data system in the United States) will be available from the NHIN. This will
> incent others to hook up and begin exchanging health information.
>
> Obviously, this new network will simply be a secured network running over
> the regular Internet.
>
> What makes this a "new" network is that it will run on two different
> protocols, one is IHE is an is too complex to even get into here, the other
> is a secure SMTP standard developed with the NHIN Direct project. The -only-
> parts of the NHIN Exchange (the running network) Will either be the NHIN
> CONNECT (an open source implementation of IHE) compatible IHE -or- a secure
> SMTP configuration compatible with two open source prototypes that the NHIN
> Direct project (where I am a contributor).
>
> ARRA, the massive stimulus fund to encourage EHR adoption eventually
> requires that doctors exhchange information and only via the SMTP in NHIN
> Direct or the IHE in NHIN CONNECT.
>
> In a few years, most doctors and thousands of other healthcare workers in
> the United States will be using the secure emails. From the perspective of
> ONC, this is the official replacement of the fax machine.
>
> So it is not a question of "if you can use the SMTP system in a HIPPA
> compliant way?" the only question will be "Is Djigzo a NHIN Direct
> compatible Secure SMTP implementation?" if it is then I would expect that it
> would be a very popular product. I am willing to help make it that way, but
> I do not want to waste my time... which is why I am so pleased by what
> Martjin is saying....
>
> -FT
>
>
>
> On Fri, Jul 30, 2010 at 12:41 PM, Bob Radvanovsky
> <rsradvan(a)unixworks.net>wrote:
>
> > We are already utilizing this to send encrypted messages for sensitive
> > information to federal government facilities. It works, and complies with
> > federal FISMA regulations, which works with us and our clients in
> > Washington, D.C.
> >
> > However...
> >
> > As we also perform work for a client within the Healthcare sector, I
> > checked with their information security department, and the verbiage
> states
> > "reasonable security measures be taken" under the provisioning of HIPAA.
> > Essentially, you *could* utilize this program for ePHI file/data
> transfers,
> > but I would *not* recommend it, due to the legal implications of ePHI
> being
> > leaked or intercepted during transmission.
> >
> > Just my thoughts...
> >
> > Bob Radvanovsky, CIFI, CISM, REM, CIPS
> > Infracritical, Inc. - "Your Infrastructure, Their Future"
> > rsradvan(a)unixworks.net | rsradvan(a)infracritical.com |
> > bob(a)infracritical.com
> > (630) 673-7740 | (412) 774-0373 (facsimile)
> >
> >
> >
> > ----- Original Message -----
> > From: "Masonis, Travis M" [mailto:tmasonis@noyes-hospital.org]
> > To: users(a)lists.djigzo.com
> > Subject: Re: [Djigzo users] Regarding NHIN Direct
> >
> >
> > > This subject is relevant to my interests and uses for the product also.
> > > I think there is enormous potential for this product in the healthcare
> > > arena.
> > >
> > > Travis Masonis
> > > CCNA, CCDA, MCSE, CEH, Security+
> > > Director, IT Infrastructure
> > > Noyes Memorial Hospital
> > >
> > _______________________________________________
> > Users mailing list
> > Users(a)lists.djigzo.com
> > http://lists.djigzo.com/lists/listinfo/users
> >
>
>
>
> --
> Fred Trotter
> http://www.fredtrotter.com
>
>
RE: The reason this has never been a problem is that in most
cases a global or domain password for PDF encryption is not used.
We chose djigzo specifically because of encrypted PDF option. It fits ideally in our business model (employee benefits administration for small and mid-sized businesses, school systems and organizations.)
Since HIPAA mandated standards-based implementations of security controls by all health care organizations that create, store or transmit electronic protected health information we had to secure correspondence with our customers' current and retired employees. The routine should be extremely easy. The S/MIME and other PKI stuff is not an option as you might guess. :).
Hi
Our global preferences are set to static password with -1 validity interval.
If we try to create a domain or a user with random password (password is blank and uninherited, validity interval is set to 0 and also uninherited) djigzo does not accept these settings and reverts to global password with inherit checked.
If password is not blank then it is set as static and never changes.
The only way to create a random password user is to temporarily change global preferences to random, create a user and then change global preferences to static again.
Are we doing something wrong?
(Version: 1.3.2-1 . Built: 2010-03-29-10:20 .)
Thanks for the link. I'm using thunderbird as well so I will check how hard it is to modify it to show the djigzo headers.
Martijn
---
Sent with djigzo for blackberry. Excuse my brevity.
-----Original message-----
Hello Andreas:
On Wed, 21 Jul 2010 14:12:40 +0000, Andreas Anderson
<galium123(a)hotmail.com> wrote:
> Slighly offtopic, does somoeone know an addon for Thunderbird that can
> display custom icons based on (the djigzo-) mail-headers, so i can see
if
> the mail was encrypted/signed without looking through the headers?
You could have a look at the DispMUA thunderbird addon [1] and perhaps
modify that code to match the Djigzo headers rather than the MUA headers,
and update the icons accordingly.
This could turn into a very interesting plugin to provide S/MIME, GPG and
other security-related information.
Good luck, Achim
[1] <http://www.juergen-ernst.de/addons/dispmua.html>
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users
Hello list,
Slighly offtopic, does somoeone know an addon for Thunderbird that can display custom icons based on (the djigzo-) mail-headers, so i can see if the mail was encrypted/signed without looking through the headers?
Andreas
_________________________________________________________________
> Yes you're right. But as an administrator of a network I prefer a
> centralized view if a mail was successful en- /decrypted
There was already a request to add statistics (like number of
encryptions/decryption per time frame). This will be added in upcoming
releases. For the time being you can either set some loggers to debug to
get more debug info (like you already did) or if you really require more
info you can in principle modify config.xml and add some extra checks
and logging.
> Are ther some logger level setting for incoming mails?
You can set the log level to debug for:
mitm.common.security.smime.handler.SMIMEHandler
This will give you more info about decryption etc.
Kind regards,
Martijn
Baur Dieter wrote:
> Hi,
>
> Yes you're right. But as an administrator of a network I prefer a centralized view if a mail was successful en- /decrypted
>
> In the meantime I set the mitm.application.djigzo.james.mailets to debug level. So there are some additional entries in the djigzo.log for an outgoing Mail.
>
> ....
> 09 Jul 2010 13:40:00 | DEBUG Recipient(s) have S/MIME certificates; MailID: c74e20b1-83d7-47a6-b5ae-ba8205001224 (mitm.application.djigzo.james.mailets.GotoProcessor) [Spool Thread #0]
> ...
> 09 Jul 2010 13:40:00 | DEBUG Message will be signed; MailID: c74e20b1-83d7-47a6-b5ae-ba8205001224 (mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #0]
> 09 Jul 2010 13:40:00 | DEBUG Signing message (mitm.application.djigzo.james.mailets.SMIMESign) [Spool Thread #0]
> ...
> 09 Jul 2010 13:40:00 | DEBUG Message will be encrypted; MailID: c74e20b1-83d7-47a6-b5ae-ba8205001224 (mitm.application.djigzo.james.mailets.SMIMEEncrypt) [Spool Thread #0]
> 0
> ...
>
> Are ther some logger level setting for incoming mails?
>
> Dieter
--
Djigzo open source email encryption
Hello
Are the plans to include PGP/GPG functionality in future releases of djigzo?
I also missing a Keyserver / Certificateserver functionality.
It should be nice to provide the public RootCA certificate on a external Website with a search function to search the users public certificates.
Greetings
Dieter