9 Email notification and S.E.E. Mail

9.1.1 S.E.E. Mail is a gateway to gateway secure email environment (http://see.govt.nz/mail/)

9.1.2 Applications cannot send encrypted email to a user using the user's digital certificate, because:

• User certificates may not have the appropriate key usage to support encryption/decryption.

• Users may not have configured their email client for s/mime

• Users' email clients may not support s/mime.

• Users' email gateways and content filters may not permit encrypted traffic.

9.1.3 If an application needs to email a user for example to notify them of an event, the application either needs to ensure that the email does not contain sensitive information, perhaps just providing a URL to find the sensitive information, or must encrypt the email using S.E.E. Mail.

9.1.4 Not all of the agencies among the user base may have S.E.E. Mail, but for those that do, the application could send SENSITIVE information by email. Obviously this implies multiple notification methods depending on the presence of S.E.E. Mail at the user's agency.

9.1.5 There is currently no centrally provided list of agencies that can be queried programmatically. Ideally the proposed S.E.E. Directory would provide such a service. S.E.E. agencies are notified of S.E.E. Mail membership changes, so a S.E.E. agency can maintain their own list within applications.

9.1.6 To make use of S.E.E. Mail the application should route mail through the agency S.E.E. Mail gateway.

9.1.7 Applications cannot currently send encrypted email directly to a S.E.E. Mail gateway using the gateway's digital certificate due to limitations in the current product set that may reject encrypted email from an unexpected source, however the next accreditation round may resolve this issue.