Network Associates this week said it has begun shipping PGP Enterprise Security, an updated version of the Pretty Good Privacy encryption and authentication software that lets users digitally sign e-mail and files and scramble content to conceal it over the Internet.
The PGP Enterprise Security software includes a PGP 6.0 client plus server software that lets managers implement security-policy guidelines such as restricting traffic to and from some PGP users. The main upgrade to PGP Enterprise Security involves adding support for the IETF's new Transport Layer Security (TLS) encryption standard. The 128-bit TLS encryption protocol was designed as a replacement for the Secure Sockets Layer protocol, but is also backward-compatible with SSL.
This week, Jeff Harrell, product manager at Network Associates' network security division, also mapped out the technology strategy for PGP going forward.
PGP continues to use its own proprietary digital certificate format, in contrast with most other vendors in the public-key infrastructure (PKI) business, which use the international standard, X.509.
Public-key digital certificates unite the user's identity with their own encryption key so the user can digitally "sign" a document and the recipient can verify the document wasn't tampered with before receipt.
But by next February, PGP Enterprise Security should have a way to take an X.509 certificate and convert it into a PGP certificate, and vice versa, Harrell said.
"The main reason we're doing this is because if you want to authenticate yourself against a firewall, for instance, most of them are going to be using the IP Security protocol and the Internet Key Exchange (IKE) protocol. And IPSec and IKE use X.509 certificates," Harrell said.
While X.509 Version 3 certificates are standardized, there is still an interoperability problem related to how different vendors' certificate management servers check X.509 certificates against certificate revocation lists (CRLs) to determine their validity. Therefore, Network Associates wants to be sure that its X.509 conversion of PGP certificates works with a range of vendor PKI choices, such as those from VeriSign, Entrust Technologies and Microsoft.
"We're concerned that this has got to work with 4 or 5 different PKIs," Harrell said. "X.509 is not going away. But we're not in this CRL war. We want to understand all the certificate types out there."
While he called the PGP certificate conversion plan "unusual," Entrust's director of product management, Ian Curry, said certificate translation certainly can be done technically. He added: "This makes sense for them and for the industry, which stands to benefit from further interoperability in this way."
