ANNOUNCE: Self-Learning OpenPGP and S/MIME Gateway

Ryan Malayter
Thu Dec 19 00:27:02 2002

At first I thought this was complete snake oil, but then I read the
product brief:
	"The CryptoEx Gateway can also be used in conjunction=20
	with client software such as CryptoEx Outlook or CryptoEx=20
	Notes. This makes sense when highly sensitive departments=20
	such as the board of directors or research and development=20
	require an end-to-end solution for security reasons, while=20
	the remaining users are to be equipped with a more cost-
	effective solution."

These guys seem to understand the limitations of their technology. If
you can prevent all spoofing from your internal mail servers (a tough
thing with many products), I see the value this could have to a

One unanswered question in my mind though: if a user sends a message,
and the gateway finds a public PGP key for the recipient, fine, it's
encrypted. But what if it doesn't? Is the message sent plain text
automatically, or is the user asked somehow if it's okay to send it
plain text? How is the user asked without a client-side program, via an
automated reply email with a web link? This seems to be quite a problem,
since "no key found, okay to send?" messages with every email would get
quite annoying.

Ryan Malayter
Sr. Network & Database Administrator
Bank Administration Institute
Chicago, Illinois, USA
PGP Key:
"To grasp the true meaning of socialism, imagine a world where
everything is designed by the post office, even the sleaze."
    -PJ O'Rourke