[2966] in cryptography@c2.net mail archive
Re: IETF building GAK into the PKI
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 14 18:37:20 1998
To: Adam Back <aba@dcs.ex.ac.uk>
cc: smb@research.att.com, cryptography@c2.net
In-reply-to: Your message of "Tue, 14 Jul 1998 23:03:50 BST."
<199807142203.XAA05078@server.eternity.org>
Reply-To: perry@piermont.com
Date: Tue, 14 Jul 1998 18:34:26 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Adam Back writes:
> With such a user requirement I would presume that the model is that
> users are not permitted to modify or install additional software on
> trading machines.
In general, they don't.
> With this threat model one alternative is to
> archive the data as it is decrypted, and before it is encrypted.
>
> Another method might be to have an encryption/decryption server which
> decrypted all traffic as it arrived at the company. Adds some risks,
> but if you really want access to all the incoming and outgoing data,
> this is what it amounts to.
>
> Would be interested in Perry's comments on how this is done in
> practice.
In practice? Surely you jest. As it stands, most email traffic is not
encrypted, and most customers do not have encryption available. People
are gearing up for this -- it is not currently a major way of doing
business.
The clients I have that have already done some work on the subject are
simply recording all the email going in and out and ignoring the
encryption question for now.
Perry