This file started life (but modified since) as my post:

>Date: Sat, 21 May 1994 20:53-EDT
>From: Vincent.Cate@FURMINT.NECTAR.CS.CMU.EDU
>To: cypherpunks@toad.com, outnews+netnews.alt.security.pgp@andrew.cmu.edu
>Subject: "Email-Firewalls" / Instant Corporate PGP

Companies like the idea of firewall machines to protect the security of their internal nets. I bet they would also like something called an "email-firewall". Names are important. :-)

I think of the email-firewall as a slightly modified anonymous-remailer. Outsiders could send encrypted mail to the remailer and it would decrypt it and send it on to the right person inside the company over internal (more secure) nets. The email-firewall could also encrypt outgoing mail when it was going to a person who either had a listed PGP key or who was working at another company with an email-firewall.

With this the average user inside the company would not need to deal with the encryption directly. A system administrator would set things up without users needing to learn anything. Getting encrypted mail would not take anything new, and sending might take a slight change.

This remailer would make email somewhat anonymous as far as an outsider looking at mail, since it would all be going to or coming from one account name. However, this remailer would not hide the identity of the sender from the person receiving the mail (so it is not a typical anonymous remailer). Corporations need security, but probably not anonymity.

Each company would only need to buy one copy of ViaCrypt PGP. For a company this cost is, of course, negligible.

Of course this is only a step towards true end-to-end encryption, but it is easy and far better than what they have now. Also, it fits with the way companies work. There is a security guard at the entrance to the plant, but once inside people generally trust each other and don't worry about security. With this, internal mail is still like postcards, but external would have an envelope.

I thought about this when making two short scripts (below) that let me send and receive mail without any extra work. Mail to vac+pgp@cs.cmu.edu (my low security envelope) is decrypted automatically. To send mail I make aliases like "vac+eric" in my .maildelivery and when I send to them they are encrypted and then resent to the right place. These 2 scripts are not the full "email-firewall" - but a step in that direction.

Thought I would throw the idea out. Has anyone done this? Let me know if you do.

Future info I get on email-firewalls will go into this file:

  http://www.offshore.com.ai/security/email-firewalls

My send and receive scripts are:

  http://www.offshore.com.ai/security/pgp-send
  http://www.offshore.com.ai/security/pgp-receive

  -- Vince
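
The outbound rule described in the post (encrypt when the recipient has a listed PGP key or works at another company with an email-firewall, and send everything from one account name), as an added example that is not part of the original post or of the pgp-send/pgp-receive scripts. The domains, addresses, key IDs and the encrypt callable (standing in for a PGP invocation) are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample configuration (hypothetical names and key IDs).
INTERNAL_DOMAIN = "corp.example"
GATEWAY_ADDR = "mailgate@corp.example"   # the one account outsiders see
PERSON_KEYS = {"eric@partner.example": "0xAAAA1111"}   # listed PGP keys
# Other companies running an email-firewall: domain -> (gateway, key).
FIREWALL_PEERS = {
    "othercorp.example": ("mailgate@othercorp.example", "0xBBBB2222"),
}

def route_outbound(recipient):
    """Return (action, envelope_to, key_id) for one recipient address."""
    addr = parseaddr(str(recipient))[1].lower()
    if addr.count("@") != 1:
        raise ValueError("unparseable recipient: %r" % (recipient,))
    domain = addr.split("@")[1]
    if domain == INTERNAL_DOMAIN:
        return ("internal", addr, None)       # stays on the inside net
    if addr in PERSON_KEYS:
        return ("encrypt", addr, PERSON_KEYS[addr])
    if domain in FIREWALL_PEERS:
        gateway, key_id = FIREWALL_PEERS[domain]
        return ("encrypt", gateway, key_id)   # peer gateway forwards it
    # No key known: reported explicitly so the administrator can log it
    # or hold the mail instead of silently sending a postcard.
    return ("plaintext", addr, None)

def wrap_outbound(msg, encrypt):
    """Wrap msg for the outside world.

    encrypt(key_id, data_bytes) -> armored str is supplied by the caller
    (assumption: a wrapper around the site's PGP). The whole original
    message, headers included, becomes the ciphertext, so an observer
    sees only gateway addresses while the recipient still sees the sender.
    """
    action, envelope_to, key_id = route_outbound(msg["To"])
    if action != "encrypt":
        return action, msg
    outer = EmailMessage()
    outer["From"] = GATEWAY_ADDR
    outer["To"] = envelope_to
    outer["Subject"] = "encrypted mail"       # real subject stays inside
    outer.set_content(encrypt(key_id, msg.as_bytes()))
    return action, outer
```

The "plaintext" result is the case to watch in a deployment: users who never see the encryption step also never see when it was skipped.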