[117715] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: IP: Automatic Encryption

daemon@ATHENA.MIT.EDU (William H. Geiger III)
Thu Sep 9 10:29:22 1999

Date: Thu, 9 Sep 1999 10:08:05 -0400
Message-Id: <199909091407.KAA10278@domains.invweb.net>
From: "William H. Geiger III" <whgiii@openpgp.net>
To: Multiple recipients of list <cypherpunks@openpgp.net>
Reply-To: "William H. Geiger III" <whgiii@openpgp.net>

In <v04210127b3fc5d48cdf8@[204.167.108.57]>, on 09/08/99 
   at 03:09 PM, Robert Hettinga <rah@shipwright.com> said:


>Privacy Concerns -
>http://www.angelfire.com/biz/privacyconcerns/index.html

>The Park to Offer Secure Web-based E-mail -- Privacy Assured Through
>Automatic Encryption That is Transparent to Users
> 
>       SAN FRANCISCO--(BUSINESS WIRE)--Sept. 8, 1999--The Park, a global
>Internet community, which has attracted approximately 40 million visitors
>from 86 countries since it was founded in 1994, will add advanced
>encryption software to its servers by month-end, which will allow
>visitors to its site to send totally secure and private Web-based e-mail.
> 
>       Called ParkMail, the new secure e-mail service will be free at
>www.the-park.com. The security will run automatically in the background,
>and be completely transparent to users.
> 
>       Current e-mail messages from ISPs and Web portals can easily be
>intercepted and read. ParkMail uses advanced RSA encryption software,
>which automatically encrypts all messages, including attached text and
>graphic files, at the Park's servers before they are distributed.
> 
>       "While there are several encryption programs that can be
>downloaded, they require the user to go through a series of steps to
>encode each message. They aren't automatic or transparent," noted The
>Park's Founder, Brent Hunter. "This will give anyone who visits our site
>complete security to send private messages and sensitive private or
>corporate information via e-mail at The Park without fear of being
>intercepted."

Well I couldn't find any additional information at their website but it
sounds to me that they are using simple point-to-point encryption via SSL:

User A connects via SSL to the Web based mail account.
Creates his e-mail message.
"sends" it to User B (actually it just gets put into User B's mailbox at
the site).

User B connects via SSL to the Web Based mail account.
Retrieves his e-mail messages.


Their may be some file encryption of the stored messages. They could
accomplish end-to-end encryption but this would require the user to
generate his own keys, perhaps using a Java plugin. It is rather hard to
tell what they are doing from the above press release but I seriously
doubt it is something I would want to trust sensitive data to.

I really do find depressing the SOP of so called "reporters" to just
blindly regurgitate press releases as "news".

-- 
---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
---------------------------------------------------------------



home help back first fref pref prev next nref lref last post