From: John Young <jya@pipeline.com>
Date: Mon, 18 Nov 1996 23:51:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Securing Electronic Mail Within HMG
Message-ID: <1.5.4.32.19961119074914.006a7368@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We have received from an anonymous source a document titled:

"Securing Electronic Mail Within HMG, Part I, Infrastructure 
and Protocol." 21 March 1996.

>From the Introduction:

"This document is the first part of CESG's recommendations for 
securing electronic mail within HMG. The main objective of the 
recommendations is to facilitate pan-government secure inter-
operability of electronic mail, by simplifying the implementation 
of secure electronic mail within government, ensuring secure 
electronic mail between departments is possible, attempting to 
facilitate future inter-operability with commercial users,
maximising the use of commercial technology in a controlled manner,
whilst allowing access to keys for data recovery or law enforcement 
purposes if required."

Other sections describe:

2. Authentication Framework

3. Confidentiality Framework

4. Security Protocol

The document refers to the Royal Holloway program for TTP critiqued 
by Ross Anderson and others as "EuroClipper." Perhaps those with 
more knowledge could make an assessment.

The document consists of 13 pages of text and diagrams, with 
a few gaps.

-----

http://jya.com/sem.htm  (35 kb with 7 jpg images)