Ian Grigg <[EMAIL PROTECTED]> writes:

>For the record, AFAIK, this approach was invented and deployed by Dr. Ian
>Brown as his undergraduate thesis, back in 1996 or so. His Enigma used the
>now ancient Cryptix 2.6 PGP code. I used it for a long time, as my personal
>proxy, until the newer PGP 4 formats started to dominate.

With all due respect to Ian's work, I think this approach has been independently reinvented many times by many people. Here's a message I just posted to a thread in another discussion list where this topic has come up:

-- Snip --

[This is] another variant of the S/MIME gateway approach that people have been building for years (I believe the first commercial product was done by Deming or Worldtalk or Tumbleweed or whatever they're called this week back in the early '90s some time, if anyone wants an exact date I can check with one of the developers). Most of the commercial stuff has been S/MIME, there's been some OpenPGP support (IronMail and CryptoEx spring to mind) but it's nowhere near as common as S/MIME, which is seen as the "commercial" secure e-mail solution by vendors.

In any case the general idea is the same, opportunistically generate keys for outgoing mail, cache keys for incoming mail (made easier by S/MIME than PGP, since it always sends signing certs along with the message), and provide an SMTP (for those inside the proxy) or web interface (with HTTPS, for those outside the proxy) to read things on.

I've even been a party to the implementation of, or helped design, a few of these myself (it's a fun project to sit down and work out all the details, as long as someone else does the coding :-). You run into all sorts of interesting problems that you don't really think about until you start field-testing and they come out and bite you, there were some custom modifications that appeared in cryptlib in the late '90s specifically to handle some of these situations.

From seeing a demo of PGP Universal some months ago, I think their main innovation was the challenge-response protocol they had to allow users to authenticate themselves to pick up their mail. It's a pretty nice implementation, but they're coming in rather later to a pretty crowded (saturated) market...

-- Snip --

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
