[Standards-JIG] Re: The Great Encryption Debate

Nolan Eakins sneakin at semanticgap.com
Mon Aug 8 13:18:50 UTC 2005


(Nothing really needs to be quoted)

I was wondering if the requirement some businesses and industries for 
logging emails and IMs is being taken into account? A message logger 
will need to be able to decrypt the data for review or whatever, but 
once it goes past the corporate server it needs to be encrypted. With 
the e2e RFC, PGP, and other straight forward PK crypto this requirement 
wouldn't be to hard to meet if the business kept a copy of each private 
key locked up somewhere. That's not the most secure but it beats doing 
the crypto on the server.

Can any of the proposals meet this requirement? I'm sure some exec will 
be asking for it.

- Nolan




More information about the Standards mailing list