More secure e-mail
March 26, 2001
Qualcomm, maker of the Eudora e-mail program, announced it will add seamless privacy capabilities to the world's most popular retail e-mail client.
The addition of Secure Sockets Layer technology means users will be able to send e-mail that will stay private until it reaches their Internet service provider. After that, the e-mail goes decrypted over the Internet cloud - a space filled with so many billions of bytes, it's very difficult to spy on a single message. Eudora's SSL system then re-encrypts the message at the recipient's ISP, which gives it the same protection at the receiving end as it had when it was sent.
"The question is: Where is the attack going to take place?" said Kawika Daguio, president of OS Crypto, a security consulting firm. "Most of the time, it's someone watching one of the two parties and not [trying to eavesdrop on] everything."
Unfortunately, sophisticated attackers may have other ways of reading people's e-mail, said David Crocker, director at the Internet Mail Consortium. And while SSL requires no effort by the end user, the fact that mainstream programs such as Eudora are only now adopting it suggests that the state of e-mail security is far behind that of the rest of the Net, he said.
"Security technology in e-mail is very, very poor," Crocker said. "Other than [secure] Web connections, we have no widespread use of information security on the Net. Just getting e-mail to use TLS [Transport Layer Security], which is the small revision of SSL, is a big deal, and it's being adopted pretty slowly."
Perry Metzger, president of Wasabi Systems, said he expects data-scrambling technology will become increasingly integrated into computing. Soon, he said, PC users will begin moving to Internet Protocol Security, which secures all data passed from one machine to another automatically.
Will Rodger Special to Interactive Week, Copyright © 2001 ZD Inc.