With all the talk about X.509-based public key infrastructures (PKIs), you'd have to be foolhardy not to have one yet, right? Maybe not. PGP Enterprise Security 6.0 is a low-cost, low-impact and robust file, disk, and e-mail encryption suite based on Network Associates' own PGP certificate. Though it isn't on par with high-end traditional PKI solutions from Entrust and VeriSign, PGP Enterprise reflects a move that has garnered widespread approval.
I took a close look at PGP Enterprise and rediscovered why so many have adopted the technology. The certificate server setup is trivial and its management so simple that it makes others, such as Entrust's certificate authority, seem like elephants on steroids. The lean and mean PGP Certificate Server is not a PKI solution per se, but it's a solid security package.
In this release, Network Associates has added support for Transport Layer Security (TLS), the next generation of Netscape's Secure Sockets Layer. TLS provides encryption and authentication for certificate server administration. Also new is certificate replication, which enterprise networks need for better performance at distributed sites and for redundancy and backup of certificate servers.
The PGP Certificate Server runs on Windows NT and provides the directory structure for PGP public keys. Key pairs are generated on the client, and the public key is inserted into the server's directory using Lightweight Directory Access Protocol (LDAP). The LDAP support isn't just nice to have; it should be standard for any certificate directory server.
The PGP Desktop Security 6.0 component, including PGPkeys, PGPdisk, and PGPtools, provides the bulk of end-user functionality. Signature expiration has been added, letting the user set an expiration date on the PGP certificate. A fairly new technique, key splitting, has been added to allow for sharing pieces of your private key with others. Thus PGP can prevent the ugly administrative issues of key recovery, such as those Entrust users must resolve.
Photo identification is new to PGPkeys, offering a way to assign a picture to a key pair; but this sexy feature is mostly superfluous.
PGP Enterprise Security is robust but for one significant limitation: it doesn't have built-in support for X.509. Instead it's limited to foundation libraries or software development kits via its PGPsdk component. The company will be releasing X.509 integration plans soon. Also, Netscape Communicator mail plug-in support is still missing.
Despite these areas in need of improvement, PGP Enterprise Security 6.0 is a quick, easy, robust solution to global encryption and signing for corporate e-mail and data. If you make a large investment in PGP today, you should be able to integrate the system with any X.509 infrastructure down the road.
The Bottom Line
PGP Enterprise Security 6.0
Network Associates' new security suite is a low-cost, easy-to-implement alternative to the high-maintenance world of public key infrastructures.
Pros: Low cost; minimum setup headaches; signature expiration; key splitting; Lightweight Directory Access Protocol certificate server; photo identification; Transport Layer Security support.
Cons: Certificate server not X.509-based; no Netscape plug-in support.
Platforms: Windows NT 4.0.
Price: Not available at press time.
Tel (02) 9437 5866