Bill Pankey
Mon, 07 Oct 2002 13:26:26 -0700
Patricia, Dave Even after selloff of its PGP Division, Network Associates / McAfee continued to sell and support a network based version of pgp in its 'eBusiness' server. What it abandoned was support for a desktop version of pgp. This summer, venture funded 'PGP, Inc.' acquired from Network the suite of desktop pgp products. MIT and Pgp, International (www.pgpi.org) have continuously supported freeware and open source versions of pgp.
The danger here is that, to a degree, there is only a single *commercial* source for pgp. As a matter of Policy many orgs will install only commercial code, so the HCO 'standardizing' on pgp effectively requires that its trading partners become customers of a Network Associates / McAfee. The impact of the single source vulnerability was acute last Spring when NAI announced that it would not renew the desktop pgp licenses meaning that it expected removal of the application from corp environments. Much of the interest in the s/mime alternative derives from s/mime's broader base of vendor support. The traditional compliant about s/mime derived from its dependence of patented RSA technology. The compliant is no longer relevant with expiration of the basic RSA patents and with the IETF granting of standard's track status to the s/mime RFCs. Btw, under contract with the US Federal government, Getronics <www.getronicsgov.com> distributes a free open source s/mime library. NIST provides a testing suite for implementations. Bill Pankey
begin:vcard n:Pankey;Bill tel;fax:209.754.9135 tel;work:209.754.9130 x-mozilla-html:TRUE url:http://www.tunitas.com org:the Tunitas Group ;http://www.tunitas.com version:2.1 email;internet:[EMAIL PROTECTED] title:consultant adr;quoted-printable:;;PO Box 278=0D=0A6693 Sierra Vista Lookout Road=0D=0A;Mountain Ranch;CA;95246; fn:Pankey, Bill end:vcard discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.