PGP makes email encryption easier

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Sep 17 10:06:47 EDT 2003


Ian Grigg <iang at systemics.com> writes:

>For the record, AFAIK, this approach was invented and deployed by Dr. Ian
>Brown as his undergraduate thesis, back in 1996 or so.  His Enigma used the
>now ancient Cryptix 2.6 PGP code.  I used it for a long time, as my personal
>proxy, until the newer PGP 4 formats started to dominate.

With all due respect to Ian's work, I think this approach has been
independently reinvented many times by many people.  Here's a message I just
posted to a thread in another discussion list where this topic has come up:

-- Snip --

[This is] another variant of the S/MIME gateway approach that people have been
building for years (I believe the first commercial product was done by Deming
or Worldtalk or Tumbleweed or whatever they're called this week back in the
early '90s some time, if anyone wants an exact date I can check with one of
the developers).  Most of the commercial stuff has been S/MIME, there's been
some OpenPGP support (IronMail and CryptoEx spring to mind) but it's nowhere
near as common as S/MIME, which is seen as the "commercial" secure e-mail
solution by vendors.  In any case the general idea is the same,
opportunistically generate keys for outgoing mail, cache keys for incoming
mail (made easier by S/MIME than PGP, since it always sends signing certs
along with the message), and provide an SMTP (for those inside the proxy) or
web interface (with HTTPS, for those outside the proxy) to read things on.
I've even been a party to the implementation of, or helped design, a few of
these myself (it's a fun project to sit down and work out all the details, as
long as someone else does the coding :-).  You run into all sorts of
interesting problems that you don't really think about until you start field-
testing and they come out and bite you, there were some custom modifications
that appeared in cryptlib in the late '90s specifically to handle some of
these situations.

>From seeing a demo of PGP Universal some months ago, I think their main
innovation was the challenge-response protocol they had to allow users to
authenticate themselves to pick up their mail.  It's a pretty nice
implementation, but they're coming in rather later to a pretty crowded
(saturated) market...

-- Snip --

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list