Forwarded message:
Date: Sun, 26 Oct 1997 18:03:16 -0800 From: David Sternlight <david@sternlight.com> Subject: Re: Orthogonality and Disaster Recovery
Do all E-Mail vendors need to be cryptologist??
If the client's e-mail is to be secure, yes. But let's be accurate here.
I absolute agree we need to be accurate. To that end, it is not the applications that need security but rather the network and session layers.
Do all cryptologist need to be application vendors?? Obviously not.
Now that IS nonsensical because cryptology is a wide and deep art only a small part of which has to do with mail applications themselves. In contrast, mail applications to be secure must use encryption. There's some very muddy thinking going on in your post.
He said 'application vendors', not just mail. Pay attention to the details of the argument and quit trying to change the subject without specificaly noteing the change, otherwise known as a strawman. His muddy thinking doesn't stand alone.
PGP is a tool much like a database is. The majority of vendors who develop apps that require a database do not go out and write their own, rather they use a database engine that is suited to their needs.
Except for the occasional password protection, databases don't need encryption to the extent e-mail does.
I work everyday with the NSA, CIA, Dod, Army, SAIC, all the phone companies, many of the major banks, Intel, Human Genome Project, etc. Every one of these folks would disagree with you. In fact it was one of the motivating factors behind Tivoli comming out with their new Security Management application because vendors required us to move away from our custom databases and toward industry standards (Oracle, Sybase, Informix, DB2, DBMX, etc.) *AND* at the same time requiring a better security mechanism than the existing one we use (DES & Kerberos based). The reality of the market does not support your thesis.
You miss the point here. And you miss the many worked examples. RSA is selling lots and lots of toolkits for lots and lots of money for in-line integration into applications, not for pre- and post-processing. The former is the way to go; the latter a kludge until something better comes along.
Are they involved with the new Cryptographic Standard projects of the government and Tivoli - IBM? I don't think so, at least I still haven't seen them involved in any of the work I have had access to so far; much to my own personal disappointment. ____________________________________________________________________ | | | The financial policy of the welfare state requires that there | | be no way for the owners of wealth to protect themselves. | | | | -Alan Greenspan- | | | | _____ The Armadillo Group | | ,::////;::-. Austin, Tx. USA | | /:'///// ``::>/|/ http://www.ssz.com/ | | .', |||| `/( e\ | | -====~~mm-'`-```-mm --'- Jim Choate | | ravage@ssz.com | | 512-451-7087 | |____________________________________________________________________|