

I believe HN should know about the Direct Project email encryption - sixothree

The Direct Project is an email encryption scheme that hopes to replace the mail and fax currently used by American physicians to communicate patient health information. It is a requirement for Stage 2 (2014) Meaningful Use certified EHR software. So this is going to be adopted on a large scale in the next year or two.<p>It uses SMTP to transmit SMIME messages signed with X.509. Public keys for recipients are discovered either via DNS (as a CERT record) or via LDAP. Those discovered certificates are only trusted if the two parties have previously exchanged a trust anchor.<p>Direct itself does not define how trust relationships are initiated (which is a problem with scalability). So infrastructure is being formed around the protocol - such as HISPs and Trust Communities. HISPs intend to operate similar to how email providers operate - by providing web portals and edge protocols. Trust Communities are intended to create bundles of trust anchors for companies that have passed as certain level of accreditation.<p>There are currently two fully functional open source Reference Implementations in Java and C#.<p>http:&#x2F;&#x2F;directproject.org&#x2F;<p>http:&#x2F;&#x2F;wiki.directproject.org&#x2F;<p>http:&#x2F;&#x2F;wiki.directproject.org&#x2F;Reference+Implementation+Workgroup
======
tjsnell
[http://www.directtrust.org](http://www.directtrust.org) is an ONC endorsed
solution to managing trust relationships.

