Indeed. If you're still associated with the navy, you're certainly
feeling the same pain, as the requirements come from the NIST, I think.
I have more than a passing familiarity with those NIST requirements, and
there are a LOT of them so I can't claim to be an expert. But here's
what I believe to be true:
- There is no requirement to use Office 365
- There is no prohibition on using IMAP
Now I have seen stuff about requiring smart card authentication. I
believe that at work we can legitimately claim we have implemented
"smart card authentication" and that it works fine with the shipping
version of nmh today.
Email signing ... well, I know the pieces are all there, and I've done it
manually with various command-line utilities. I just need to figure out
a good way to handle integration.
I believe what is happening is that the IT staff look at a whole
pile of NIST requirements, throw up their hands and say, "Hey, what did
everyone else do? Office 365? Ok, we'll do that". And to paraphrase
the old adage about IBM, no one ever got fired for buying Office 365
(and to extend that further, if Office 365 gets broken into you're not
going to get fired because they'd have to fire everyone). And if it
screws over a small subset of users ... well, too bad.
I don't particularly like this state of affairs, but it's not like
any of this is surprising. It's another reason I would like to get IMAP
support into nmh; so many projects, so little time.