Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!mit-eddie!bu-cs!kwe
From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England))
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Encrypted SMTP Mail?
Summary: It's proprietary and expensive
Message-ID: <40528@bu-cs.BU.EDU>
Date: 16 Oct 89 15:44:46 GMT
References: <66649@tut.cis.ohio-state.edu>
Reply-To: kwe@buit13.bu.edu (Kent England)
Followup-To: comp.protocols.tcp-ip
Organization: Boston U. Information Technology
Lines: 32

In article <66649@tut.cis.ohio-state.edu> 
COLLINS-C@OSU-20.IRCC.OHIO-STATE.EDU (Clifford Collins) writes:
>I recently saw copies of RFC1113, 1114 and 1115 that address
>encrypted SMTP mail.  Are there any implementations out there?
>I would be very interested in acquiring what's out there to test
>and evaluate.  Any leads would be welcome. Please reply to me
>via e-mail.  Thanks!
>
	It is quite an interesting and imprssive effort, but there are
some things you aren't going to like, since the RSA guys have patented
the public key algorithms.

	The RFCs define a comprehensive framework for defining a
secure mail system that uses SMTP transport.

	Trusted Information Systems has developed software based on MH
mail to use encryption and is planning on widely distributing this.
However, the public key algorithms are licensed from RSA.

	RSA <something-or-other> is a spinoff of the RSA guys that is
in the business of providing a certification authority to make all
this work.

	Are you ready for the kicker?  You pay $25 to register each
and every user of secure mail in your institution for a period of two
years with said RSA company.

	Anyone out there ready to trust RSA to maintain a list of
users in your institution that can send and receive secure mail?  Are
you ready to pay $25 every two years for the privilege?

	--Kent England, Boston University