
Corporate.Net
Secure Electronic-Mail: Return To Sender?
Reliability Before Security
Securing e-mail means ensuring the integrity of the information that the mail system contains. This concept is fundamentally different from messaging management, which is mostly concerned with providing timely e-mail delivery and ensuring that the receiver can read all sent items. In fact, many e-mail policies discourage using e-mail for sensitive material. However, the lack of security across organizational boundaries prevents essential business application support, bringing the issue to the table.
Historically, security has not been the primary reason to choose a messaging platform. Instead, a variety of interfaces, client features and administration are paramount in the decision-making process. And before critical applications can be supported, the underlying reliability of the system must be well established. If you're going to rely on e-mail for purchasing, human resource transactions and other workflow applications, you need assurance that submissions will not be lost.
Standards: Almost; Interoperability: Later
Adequately securing e-mail requires careful planning and a detailed examination of the possible solutions. When we tested secure e-mail products for this workshop, we found little end-to-end interoperability between systems and almost no cross-vendor certificate management capabilities. Entrust Technologies' Entrust server does not yet provide certificates to a Netscape client, for example.
In addition, the formats for manually importing and exporting certificates--either between certificate servers and mail clients or between mail clients--vary. Client products use a PKCS-12 variant, several PKCS-7 styles, X.509 BER/DER or proprietary formats. Until consistency improves, you can expect to use a single vendor's solution for serving certificates and client messaging.
PGP's Rogue Individualism
Pretty Good Privacy's approach assumes that individual users can be trained to create and manage keys. This is in marked contrast to the security schemes used in S/MIME, as well as to the existing IETF standards Privacy Enhanced Mail (PEM) and MIME Object Security Services (MOSS). It's also fundamentally different from the model used in most proprietary LAN-based and client/server-based e-mail systems. PGPmail 4.5 makes only cursory provisions for key recovery by an organization; when the employee leaves, so do his or her encrypted secrets.
PGPmail supports Microsoft Outlook, Microsoft Exchange, Eudora Pro and Netscape mailers. It uses the International Data Encryption Algorithm (IDEA) secret-key algorithm with 128-bit keys. IDEA is generally accepted to be much stronger and faster than Digital Encryption Standard (DES), the most common secret-key algorithm. In addition, PGPmail compresses text before applying encryption, reducing both storage and transmission requirements.
A 200-page manual describes the intricacies of encrypting and signing files and e-mail, as well as managing your personal key ring--the list of keys that you've acquired. Although PGP's plug-ins are well-integrated with the client, some users may be confused by the appearance of PGP signature strings and the signed or encrypted text itself. Future plug-ins would better serve the user by hiding message digests and signature strings, as OpenSoft's ExpressMail S/MIME client does (see the OpenSoft screenshot on page 119).
PGP assumes that keys are principally acquired through casual contact between users, building informal communities where keys are assumed to be trustworthy. It is possible to create trust hierarchies and set the "depth" of the certification chains in which keys will be accepted. However, setting this level correctly is at best a guess, and PGPmail does not offer a way to centrally manage this policy.
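The effect of the chain "depth" setting can be seen in a small model. This is an added example, not PGP's own trust algorithm or code from the article: it assumes every signer is fully trusted as an introducer, and the key names and certification graph are constructed for illustration.

```python
from collections import deque

# Constructed sample: signer -> keys that signer has certified.
# All names are hypothetical.
CERTIFICATIONS = {
    "me":    ["alice", "bob"],
    "alice": ["carol"],
    "bob":   ["carol", "dave"],
    "carol": ["erin"],
    "erin":  ["mallory"],
}

def chain_depths(certs, root):
    """Breadth-first search: shortest certification chain from root to each key."""
    depth = {root: 0}
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        for signed in certs.get(signer, []):
            if signed not in depth:          # first visit is the shortest chain
                depth[signed] = depth[signer] + 1
                queue.append(signed)
    return depth

def accepted_keys(certs, root, max_depth):
    """Keys reachable from root through at most max_depth certifications."""
    depths = chain_depths(certs, root)
    return sorted(k for k, d in depths.items() if 0 < d <= max_depth)

def newly_admitted(certs, root, max_depth):
    """Keys accepted only because the limit was raised to max_depth (>= 1)."""
    depths = chain_depths(certs, root)
    return sorted(k for k, d in depths.items() if d == max_depth)

if __name__ == "__main__":
    for limit in range(1, 5):
        print(limit, accepted_keys(CERTIFICATIONS, "me", limit),
              "new:", newly_admitted(CERTIFICATIONS, "me", limit))
```

Each increment of the limit admits keys the user has never had direct contact with, which is why two users with different settings can disagree about the same key when the policy is not set centrally.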
In addition, PGPmail 4.5 does not provide any directory for public key lookup, except for the public servers that are available for peer-to-peer key exchange. After installation, each user must laboriously manage his or her own directory of those whom they've come in contact with--an obvious, unnecessary encumbrance on the user. Few people would consider an e-mail system without provisions for a centralized address book, and their attitude toward public keys is likely to be no different. In fact, these keys should be just another attribute of the centralized corporate directory.
Fortunately, there is still hope for enterprise management of PGP security. The company has introduced PGP for Business Security and the PGP Certificate Server. Not available in time for testing, these new products provide for a centralized certificate server hierarchy and integrate with an LDAP directory, according to the vendor. This hierarchy also requires PGP clients to apply a central authority's public key to every message. This clever arrangement lets the organization recover encrypted material without having to compromise an individual's keys.
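The recovery arrangement described above, sketched as an added example (not PGP's code or message format): one session key encrypts the body and is wrapped separately for the recipient and for the organization's key, so either private key alone opens the message. Textbook RSA over known Mersenne primes and a SHA-256 keystream are toy stand-ins for the real algorithms, and the key IDs "user" and "corp-recovery" are hypothetical.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA from two known primes (toy: no padding, small modulus)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def keystream_xor(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plaintext, recipients):
    """recipients: {key_id: public_key}. One session key, wrapped per recipient."""
    session = secrets.token_bytes(16)
    m = int.from_bytes(session, "big")
    wraps = {kid: pow(m, e, n) for kid, (n, e) in recipients.items()}
    return {"wrapped_keys": wraps, "body": keystream_xor(session, plaintext)}

def decrypt(message, key_id, private_key):
    """Unwrap the session key with one private key, then decrypt the body."""
    n, d = private_key
    m = pow(message["wrapped_keys"][key_id], d, n)
    return keystream_xor(m.to_bytes(16, "big"), message["body"])

def policy_ok(message, required_key_id):
    """Gateway check: was the session key also wrapped for the recovery key?"""
    return required_key_id in message["wrapped_keys"]

# Constructed key pairs; the user's private key never leaves the user.
USER_PUB, USER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
CORP_PUB, CORP_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

if __name__ == "__main__":
    msg = encrypt(b"Q3 purchase order", {"user": USER_PUB, "corp-recovery": CORP_PUB})
    print(policy_ok(msg, "corp-recovery"), decrypt(msg, "corp-recovery", CORP_PRIV))
```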

Updated October 24, 1997