Unlocking virtual private networks

Secure electronic-mail: return to sender, David Willis.The author examines the current open messaging security strategies adopted by Entrust Technologies, Netscape Communications, OpenSoft, Pretty Good Privacy and others. He looks at the major factors to be considered when implementing secure E-mail beyond a company's immediate borders. To understand how lax intercompany E-mail security is it is only necessary to watch a typical SMTP gateway. Messages often pass in the clear, and undeliverable messages are dumped at the gateway or in a postmaster mailbox. In the corporate environment, centralized control of encryption keys is vital to maintaining ownership of the organization's assets. Encryption services are not normally in place for Post Office Protocol (POP)/Internet Mail Access Protocol (IMAP)-based E-mail products or over SMTP links between proprietary and foreign systems. However, enhanced security can be implemented at the gateway level. Authentication and encryption are more appropriately handled by the E-mail client using a standard approach supported by a range of vendors.