John Young wrote:
We have received from an anonymous source a document titled:
"Securing Electronic Mail Within HMG, Part I, Infrastructure and Protocol." 21 March 1996.
From the Introduction:
"This document is the first part of CESG's recommendations for securing electronic mail within HMG. The main objective of the recommendations is to facilitate pan-government secure inter- operability of electronic mail, by simplifying the implementation of secure electronic mail within government, ensuring secure electronic mail between departments is possible, attempting to facilitate future inter-operability with commercial users, maximising the use of commercial technology in a controlled manner, whilst allowing access to keys for data recovery or law enforcement purposes if required."
Other sections describe:
2. Authentication Framework
3. Confidentiality Framework
4. Security Protocol
The document refers to the Royal Holloway program for TTP critiqued by Ross Anderson and others as "EuroClipper." Perhaps those with more knowledge could make an assessment.
The document consists of 13 pages of text and diagrams, with a few gaps.
This document is available on the Web, at: http://www.xopen.org/public/tech/security/pki/casm/casm.htm see also my "addendum" to Anderson & Roe's paper (which is actually a critique of the above proposal, rather than RH itself) at: http://www.algroup.co.uk/crypto/rh.html Cheers, Ben. -- Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director URL: http://www.algroup.co.uk/Apache-SSL A.L. Digital Ltd, Apache Group member (http://www.apache.org) London, England. Apache-SSL author