Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!spool.mu.edu!uwm.edu!linac!att!ucbvax!TIS.COM!galvin
From: galvin@TIS.COM (James M Galvin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Authenticated SMTP, anyone done one?
Message-ID: <9106201830.AA18506@TIS.COM>
Date: 20 Jun 91 18:30:57 GMT
Article-I.D.: TIS.9106201830.AA18506
References: <43225@cup.portal.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: James M Galvin <galvin@TIS.COM>
Organization: The Internet
Lines: 23


	1) Does PEM address all of the security and authorization issues
	for sending mail on the Internet?

Depends on what you mean by all.  I believe that PEM addresses the
principal security issues, since it supports message integrity, message
origin authentication and message confidentiality.  Since public-key
technology is used, our implementation will also support
non-repudiation.  Of course, you must "trust" your local host as far as
protecting your private key is concerned, but this is an acceptable
risk.

	2) Is PEM the preferred approach for building security into
	private company Internets as well?

PEM may satisfy most, if not all, private company E-Mail security
requirements.  As for whether or not it is a preferred approach for
building security, recent developments with respect to the licensing of
the technology may make this true.  However, this discussion is best
held on "pem-dev@tis.com".  Send mail to "pem-dev-request@tis.com" if
you want to get added to the list.

Jim