I'm too sleepy to go into much depth, but I can make a couple of
observations.

Yes, you've hit on one of the basic problems of privacy - if nobody can
read your mail for bad purposes then they can't do it for "good"
purposes either.

If you really care, you could use the commercial version of PGP, and
announce that all users must have keys generated by the company, which
include a mandatory ADK (additional decryption key). This ADK could then
be installed wherever you want to do mail checking. Warning: the whole
ADK thing is flawed, IMHO, and there has already been one implementation
bug. You can find more information about it in various places on the
web. ADKs _do_ work for incoming email, if they are included in the
users' keys as mandatory. I don't know offhand if the mandatory nature
relies on a co-operative version of PGP or whether it's some crypto
property of the altered key.

Personally? I say go for good desktop antivirus.

Cheers,

--
Ben Nagy
Network Security Specialist
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304 


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Madhur Nanda
> Sent: Tuesday, March 26, 2002 6:44 PM
> To: [EMAIL PROTECTED]
> Subject: PKI
> 
> 
> Hi,
> 
> If I build up a PKI infrastructure and use digital 
> certificates for signing as well as encrypting e-mails, then 
> how can I scan e-mails floating around in the network for 
> viruses etc.? My mail filtering gateways won't be able to 
> open them. I see two options:
> 
> 1) Have strong desktop antivirus which will scan the mails 
> before they get encrypted or after decryption. Need info on 
> products which can do this job the best for different mail 
> clients. I'm not sure how well Trend Micro desktop antivirus 
> would be able to do.
> 
> 2) The other option is what I read on the SANS site: to install 
> plugins on users' mail clients so that whenever they send an 
> encrypted mail, a copy of that mail encrypted with the mailing 
> gateway's public key is also bcc'd to the mailing gateway. The 
> mailing gateway opens it up and checks for viruses etc., and takes 
> actions accordingly. But this fails when an encrypted mail 
> comes from the external world.
> 
> Are there any other good resources available on PKI and 
> things like this? Also, I'm looking at key recovery issues 
> etc., and more concepts, like where the key pair is 
> generated (by the CA or the user's desktop requesting the 
> certificate), and when you apply for a certificate you only 
> send your public key, not the private key. I mean standards 
> like PKCS10, PKCS7 etc.
> 
> TIA
> 
> rgds
> Madhur Nanda 

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
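
A gateway can only scan mail under the ADK scheme discussed in this thread when the message carries a session-key packet addressed to the ADK, so a filter can check for that before attempting decryption. The following is an added example, not code from either poster or from PGP itself; the key IDs, function names and sample packets are constructed, and the input is assumed to be binary (de-armored) OpenPGP data.

```python
ADK_KEY_ID = "A1B2C3D4E5F60718"   # constructed placeholder key ID
USER_KEY_ID = "1122334455667788"  # constructed placeholder key ID

def packets(data):
    """Yield (tag, body) per OpenPGP packet header rules (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                return                       # partial body: bulk data, stop
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                       # indeterminate length: stop
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Key IDs in Public-Key Encrypted Session Key packets (tag 1, v3)."""
    return [body[1:9].hex().upper() for tag, body in packets(data)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

def gateway_verdict(data, adk=ADK_KEY_ID):
    try:
        ids = recipient_key_ids(data)
    except (ValueError, IndexError):
        return "reject: malformed"
    if adk in ids:
        return "decrypt-and-scan"            # gateway holds the ADK secret key
    if "0" * 16 in ids:
        return "quarantine: hidden recipient"  # wildcard key ID, cannot tell
    return "quarantine: no ADK recipient"

def pkesk(key_id, new_format=False):         # builds constructed test packets
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01" + b"\x00\x08\xff"
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body

DATA = b"\xd2\x05\x01" + bytes(4)            # constructed tag-18 data packet
WITH_ADK = pkesk(USER_KEY_ID) + pkesk(ADK_KEY_ID, new_format=True) + DATA
NO_ADK = pkesk(USER_KEY_ID) + DATA
HIDDEN = pkesk("0" * 16) + DATA
```

A message that fails this check cannot be decrypted at the gateway at all, so the quarantine outcomes fall back to desktop scanning or policy handling.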
