Re: PGP makes email encryption easier
Ian Grigg <[EMAIL PROTECTED]> writes:

>For the record, AFAIK, this approach was invented and deployed by Dr. Ian
>Brown as his undergraduate thesis, back in 1996 or so. His Enigma used the
>now ancient Cryptix 2.6 PGP code. I used it for a long time, as my personal
>proxy, until the newer PGP 4 formats started to dominate.

With all due respect to Ian's work, I think this approach has been independently reinvented many times by many people. Here's a message I just posted to a thread in another discussion list where this topic has come up:

-- Snip --

[This is] another variant of the S/MIME gateway approach that people have been building for years (I believe the first commercial product was done by Deming or Worldtalk or Tumbleweed or whatever they're called this week back in the early '90s some time, if anyone wants an exact date I can check with one of the developers). Most of the commercial stuff has been S/MIME, there's been some OpenPGP support (IronMail and CryptoEx spring to mind) but it's nowhere near as common as S/MIME, which is seen as the "commercial" secure e-mail solution by vendors.

In any case the general idea is the same, opportunistically generate keys for outgoing mail, cache keys for incoming mail (made easier by S/MIME than PGP, since it always sends signing certs along with the message), and provide an SMTP (for those inside the proxy) or web interface (with HTTPS, for those outside the proxy) to read things on.

I've even been a party to the implementation of, or helped design, a few of these myself (it's a fun project to sit down and work out all the details, as long as someone else does the coding :-). You run into all sorts of interesting problems that you don't really think about until you start field-testing and they come out and bite you, there were some custom modifications that appeared in cryptlib in the late '90s specifically to handle some of these situations.

From seeing a demo of PGP Universal some months ago, I think their main innovation was the challenge-response protocol they had to allow users to authenticate themselves to pick up their mail. It's a pretty nice implementation, but they're coming in rather later to a pretty crowded (saturated) market...

-- Snip --

Peter.

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: PGP makes email encryption easier
Eric Murray wrote:

> > For the record, AFAIK, this approach was invented and
> > deployed by Dr. Ian Brown as his undergraduate thesis,
> > back in 1996 or so.
>
> Not to take anything away from Dr Brown, but I wrote something very
> similar to what PGP's selling for internal use at SUN in 1995 (to secure
> communications between some eastern european offices). I'd thought
> about it a couple years before that as I needed something to secure
> communications between the company I worked for and their law firm,
> and teaching executives and chip designers to use PGP wasn't working
> very well.

Thanks for the correction! Was this project ever released or documented? I never heard of it before.

> I don't believe that I was the first to think of it or the first to
> do it; it's a pretty obvious solution.

:-) Many inventions are obvious once well understood. Although I would agree that such an invention should not deserve to be patented. Whether that's because it is too obvious, or too useful, depends on one's pov...

> > It's a good approach. It trades some sysadmin complexity
> > for the key admin complexity, but it also raises some
> > interesting challenges for deciding when to encrypt,
> > when not to encrypt, and also, when to block outgoing
> > mail that should be encrypted...
>
> Yep.
>
> Eric

iang
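An added example, not part of any poster's message or of any product named in the thread: a sketch of the outbound decision such a gateway has to make (encrypt, send in the clear, or block mail that should be encrypted), using keys cached from incoming mail. The class and method names, the `.example` domains and the key ids are hypothetical, and no actual encryption is performed.

```python
from enum import Enum


class Action(Enum):
    ENCRYPT = "encrypt"      # key cached: encrypt to it
    PLAINTEXT = "plaintext"  # no key, and policy does not demand one
    BLOCK = "block"          # policy demands encryption but no key: hold


class GatewayPolicy:
    """Outbound decision logic for a hypothetical encrypting mail proxy."""

    def __init__(self, must_encrypt_domains):
        # Domains (subdomains included) that must never receive cleartext.
        self.must_encrypt = {d.lower().strip(".") for d in must_encrypt_domains}
        self.key_cache = {}  # address -> key id learned from incoming mail

    @staticmethod
    def _split(addr):
        # Lower-casing the whole address is a simplifying assumption.
        local, sep, domain = addr.strip().lower().rpartition("@")
        return (local, domain) if sep and local and domain else None

    def learn_inbound_key(self, sender, key_id):
        """Cache the key that accompanied an incoming message."""
        parts = self._split(sender)
        if parts:
            self.key_cache["@".join(parts)] = key_id

    def decide(self, recipient):
        parts = self._split(recipient)
        if parts is None:
            return Action.BLOCK  # fail closed on an unparseable address
        if "@".join(parts) in self.key_cache:
            return Action.ENCRYPT
        domain = parts[1]
        required = any(domain == d or domain.endswith("." + d)
                       for d in self.must_encrypt)
        return Action.BLOCK if required else Action.PLAINTEXT

    def decide_message(self, recipients):
        """Assumption: one BLOCK recipient holds the whole message."""
        verdicts = {r: self.decide(r) for r in recipients}
        held = any(v is Action.BLOCK for v in verdicts.values())
        return held, verdicts


# Constructed sample data: domains, addresses and key ids are made up.
policy = GatewayPolicy(["lawfirm.example"])
policy.learn_inbound_key("Alice@Partner.example", "KEY-0001")
```

The suffix match uses `"." + d` so that a look-alike domain such as `notlawfirm.example` is not treated as covered by the `lawfirm.example` rule.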
Re: PGP makes email encryption easier
"R. A. Hettinga" wrote: > PGP Corp has taken a slightly different tack, adapting its software so that it can > be loaded onto x86 servers to create an email encryption appliance. These proxy > servers live between an email server and client machine or in an enterprise's DMZ; > they are responsible for generating encryption keys and managing the encryption and > digital signing of email, according to enterprise security policies. The appliances > can be clustered for higher availability. For the record, AFAIK, this approach was invented and deployed by Dr. Ian Brown as his undergraduate thesis, back in 1996 or so. His Enigma used the now ancient Cryptix 2.6 PGP code. I used it for a long time, as my personal proxy, until the newer PGP 4 formats started to dominate. It's a good approach. It trades some sysadmin complexity for the key admin complexity, but it also raises some interesting challenges for deciding when to encrypt, when not to encrypt, and also, when to block outgoing mail that should be encrypted... (I commend the PGP Inc company for being careful with their marketing spiel!) iang - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
PGP makes email encryption easier
<http://www.theregister.co.uk/content/55/32828.html>

The Register
15 September 2003 Updated: 15:06 GMT

PGP makes email encryption easier
By John Leyden
Posted: 15/09/2003 at 14:06 GMT

PGP Corporation today introduced simpler email encryption in which the burden of securing email messages is shifted from the client to the network.

PGP Universal software suite, launched today, represents a new architecture for the company.

The complexity of email encryption systems has long been a factor holding back deployment. Some vendors have responded by repackaging encrypted email as a Web-based service.

PGP Corp has taken a slightly different tack, adapting its software so that it can be loaded onto x86 servers to create an email encryption appliance. These proxy servers live between an email server and client machine or in an enterprise's DMZ; they are responsible for generating encryption keys and managing the encryption and digital signing of email, according to enterprise security policies. The appliances can be clustered for higher availability.

Transmissions between a client machine and PGP can themselves be encrypted using SSL.

The technology was launched at a Gartner security conference in London this morning.

Stephan Somogyi, director of products at PGP Corp, told delegates that PGP Universal radically simplifies the support and training requirements normally associated with deploying enterprise encryption products.

"Desktop solutions hit a wall when you hit deployment of 15 per cent within companies because of training and deployment issues," Somogyi told The Register. "With desktop solutions you also have a problem of people accidentally failing to comply with security policies, for example by forgetting to digitally sign email, that's why we're moving to a network-based approach."

But couldn't an enterprise set up a similar system using digital certificates and email sent using the TLS protocol, Somogyi was asked.

Up to a point, he replied; such an approach would only work effectively for site to site email and sets up a computational overhead which PGP's architecture is better suited to manage.

PGP Universal supports POP3 and IMAP clients, as well as Lotus Notes systems. Exchange support is more problematic, but PGP Corp intends to support Exchange 2003 via Outlook HTTPS.

PGP Corp intends to add support for S/MIME encryption and X.509 certificates to PGP Universal later this year. And it aims, at some point, to support secure instant messaging and a greater range of mobile devices - PGP has already developed a client that works on a Handspring Treo.

PGP Universal interoperates with AV and content filtering scanners, where messages are checked before encryption and after decryption. Alex Doll, CFO at PGP Corporation said the company was in talks with one particular AV vendor, which he declined to name as yet, about a possible OEM deal.

The company is also in talks with an ISP and managed service provider about setting up a premium service based on PGP's technology.

Pricing for the PGP Universal, which the company says is suitable for companies ranging from a handful of employees to thousands, is based on the number of end users, gateway and supported domains. Costs are similar to AV pricing, according to Steve Abbott, VP of sales at PGP Corp. ®

--
R. A. Hettinga
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'