-----BEGIN PGP SIGNED MESSAGE-----
Don Eastlake has written an internet-draft proposing to add signatures and encryption to the Internet mail-delivery system. The two big differences between his proposal and past proposals are:
* They work at the "sendmail" level, not at the "mail reader" level. This doesn't give your mail complete end-to-end protection (unless you use "mail reader" encryption like S/MIME or PGP). But it's a lot easier to install and maintain; your sysadmin can do it for your whole site, instead of having to retrain every user.
One obvious problem with this is that since sendmail runs at all times of day or night and since sendmail must have the decryption keys, this means that the decryption keys may be in the memory of a computer that may be unattended. This scheme may be useful for its convenience, but many users will only be willing to turst the computer with their keys while there messages are actually being decrypted in their presence. Thus, many users will want to super encrypt with their own personal keys. Thus I believe that the above scheme should be implemented for mail security between sites, but it should not be viewed as a total solution. - -- Paul Elliott Telephone: 1-713-781-4543 Paul.Elliott@hrnowl.lonestar.org Address: 3987 South Gessner #224 Houston Texas 77063 -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: cp850 iQCVAgUBMV229/BUQYbUhJh5AQFrIgP/eejmxUvAiRtJQfkHyrIZflQ6tQBz1PuB Oxl31K+xnIYmpgIJHb2M+flpeTlOE+6DyIf3ZTB3UMHRqT1v5VrVmDy0ByrukrjF KRbJTLO2yuDadZKEGKrm+n1FAleCpwuoQJTem7S5XQQts6FCscqaII61HNBkSC0V JkDwN8ouYsk= =YUcS -----END PGP SIGNATURE-----