New Secure E-mail Client Touted

Faculty of Arts and Sciences Computer Services (HASCS) announced yesterday that, as of July 5, 2005, all students, faculty, and staff using the FAS system will be required to use SSL encryption with their e-mail clients.

Simultaneously, HASCS has launched the first beta version of Mozilla Thunderbird, which comes enabled with SSL encryption, as Harvard’s preferred e-mail application.

According to Director of Residential Computing Kevin S. Davis ’98, these steps come as part of an ongoing series of security updates begun a few years ago with the replacement of insecure connection protocols, telnet and FTP, with their encrypted counterparts, ssh and SFTP.

The switch to SSL will require only small changes for most users in the Faculty of Arts and Sciences (FAS), which comprises the College and Graduate School of Arts and Sciences.

Users of Pine and Webmail—which are SSL-enabled—will be unaffected by this change. Students, faculty members, and staff who use POP/IMAP e-mail clients such as Eudora, Outlook, Outlook Express, and Mac OS X Mail can enable SSL encryption using the instructions posted on the HASCS website.

Users can also switch to Mozilla Thunderbird, which can be downloaded from the HASCS website. Davis recommended that students make the necessary changes before the summer so that they will prepared at the start of next semester.

Thunderbird replaces Eudora as the preferred e-mail program of FASCS, which has recommended Eudora for years. But with passing years, Davis said, students and faculty have been increasingly unhappy with the program.

“In the past few years we have been getting more and more complaints about Eudora,” Davis said.

Thunderbird, an open-source application, was developed by the not-for-profit Mozilla Foundation, the same organization that created the popular Firefox web browser. Though Thunderbird is available both from the HASCS site and directly from the Mozilla site, the Harvard version has been specially adapted for FAS affiliates and includes an integrated Harvard phone and e-mail address book.

SSL, short for Secure Socket Layer, is used to encrypt information sent over the Internet. While most e-mail is not encrypted, SSL is commonly used by bank websites, websites processing credit card transactions, and Harvard PIN websites.

After other Harvard computer systems successfully implemented SSL, Davis said, HASCS has decided to extend the use of SSL into Harvard’s e-mail system.

“Computer Services feels it has proved the security of the Harvard system using SSL,” Davis said. “We’ve been at the forefront for years trying to secure our systems.”

Davis urged the Harvard community to voice concerns and opinions about the change. “We’re really very interested in the feedback of the community,” he said.