
ebxml-poc message



Subject: RE: Security Proposal


Sid wrote:

> 1)  Aside from some in the "utilities industry", I don't know of PGP
> being used in B2B over internet infrastructure.
>

NAI claims there are over 7 million PGP users in the world. I can't validate
this but they must know approximately how many users exist.

PGP is widely used by security organizations and several major vendors; here
are a few examples:

IBM: http://www.chips.ibm.com/services/foundry/solutions/faqs/

" Q10. Does IBM Microelectronics support encryption for transferring data?
  IBM Microelectronics SCM encourages, but does not require, customers to
  encrypt their data using the PGP (Pretty Good Privacy) public key
  encryption standard. PGP is an open standard, with clients available for
  PC, Macintosh, and UNIX workstations.
  IBM Microelectronics SCM will provide a public PGP key upon request for
  customers who want to protect their data when they send it over the
  Internet. "

----------
SUN: All of Sun's security bulletins are signed using PGP. Sun Security
Coordination Team's PGP key:

http://sunsolve.sun.com/pgpkey.txt

Here's a pointer to a PGP signed SUN security bulletin:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba

-----------
Microsoft: All security bulletins are signed using PGP

 Microsoft's PGP key can be obtained at:
 http://www.microsoft.com/technet/security/notify.asp
 which states:
  "Verifying our Digital Signature
   We digitally sign all security bulletins. To verify the signature, please
   download our PGP key. The key's fingerprint
   is 5E39 0633 D6B3 9788 F776 D980 AB7A 9432. "

-----------
CISCO Systems: uses PGP to sign all their security alerts.

A text version of Cisco security notices will be clear-signed with the Cisco
PSIRT PGP key and posted to the following e-mail addresses and Usenet
newsgroups:
cust-security-announce@cisco.com
bugtraq@securityfocus.com
firewalls@lists.gnac.net
first-teams@first.org (which includes the CERT/CC)
cisco@spot.colorado.edu
cisco-nsp@puck.nether.net
comp.dcom.sys.cisco
Various internal Cisco mailing lists

------------
SANS, another well-regarded security organization, signs their critical
security notices with PGP; here is a quote from SANS:

  "We are signing the Consensus newsletter with PGP. The new SANS PGP key
   is posted at
   (http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xA1694E46)
    and can be accessed from the SANS Web site (http://www.sans.org)."

------------
CERT: The Computer Emergency Response Team at CMU, a highly regarded
security watchdog organization, signs all their security related bulletins
using PGP, ref: attached CERT advisory, it states:

   "We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from

   http://www.cert.org/CERT_PGP.key "

------------

Segments of the U.S. Energy Industry (a $500 Billion dollar a year industry
and growing) are required by FEDERAL LAW to encrypt/sign their business data
using PGP.

Enron alone has done $183 Billion dollars in E-Commerce over the Internet,
that's more than anybody else I'm aware of!
ref: http://www.computerworld.com/cwi/story/0,1199,NAV47_STO54149,00.html

------------

Sid, I challenge you to provide evidence similar to what
I've provided above, indicating widespread utilization/adoption of S/MIME
for B2B E-commerce.

> 2)  Not a spec.
>

I don't understand this comment, please explain.


> 3)  Not much value in PGP support announcement.
>
>

Could you explain what you mean by this? Do you mean not much value
to Netfish? I assert that all the organizations I listed above could
potentially benefit by reusing their PGP capabilities over ebXML.


Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
dick@8760.com
205-250-8053
Fax: 205-250-8057
http://www.8760.com/

InsideAgent - Empowering e-commerce solutions



