FW: ANNOUNCE: Self-Learning OpenPGP and S/MIME Gateway

GnuPG Users GnuPGUsers@glueckkanja.com
Thu Dec 26 16:34:01 2002


Ryan Malayter wrote on December 19th 2002:=20

> One unanswered question in my mind though: if a user sends a=20
> message, and the gateway finds a public PGP key for the=20
> recipient, fine, it's encrypted. But what if it doesn't?=20
> Is the message sent plain text automatically, or is the=20
> user asked somehow if it's okay to send it plain text?=20
> How is the user asked without a client-side program, via=20
> an automated reply email with a web link? This seems to be=20
> quite a problem, since "no key found, okay to send?"=20
> messages with every email would get quite annoying.

Quite correct, the user will get a "bounce" e-mail when no key is found =
if the gateway is configured to only let out encrypted e-mails. This =
bounce e-mail is similar to the ones you get when the e-mail address is =
incorrect. The company can include customized information on how the =
user should proceed.=20

However, most corporations will only enforce encryption to domains where =
keys are available. It would be foolish to mark a domain as "must =
encrypt" if no or few keys are available. Instead, the administrator can =
flag the domain with "encrypt if possible", so the e-mail could go out =
plaintext if no key is found. However, if the user has marked the e-mail =
to be encrypted (e.g. by including the word "encrypt" in the subject =
line), the mail must be encrypted and MUST NOT leave the corporation as =
plaintext.=20

Of course, the corporation must decide on what it wants to implement and =
what makes sense before configuring the gateway, otherwise a badly =
configured gateway would be quite a pain for the users. However, if =
configured wisely, the gateway provides an easy and cheap way to offer =
encryption for all users of an enterprise.=20

The way I see it, the gateway solution should be installed for the =
"masses" to enable them to send one or two e-mails without effort at low =
cost while the "heavy users" should still rely on a client-side =
installation which offers more usability by definition.=20

Christian Kirsch
Product Manager
christian.kirsch@glueckkanja.com
Gl=FCck & Kanja Technology AG=20