Re: Keyed-MD5, ITAR, and HTTP-NG

[Kevin L Prigge <klp@gold.tc.umn.edu>]

According to rumor, Doug Hughes said:
> >  Since you deal with security issues maybe you can help me to learn 
> >about some issues with encryption.  I am talking with one of the 
> >administration people about putting PGP on the system for everyone to 
> >use, but there are issues for them (the admin) as they might be liable, 
> >even if they can't read the e-mail.  What other legal considerations 
> >should be evaluated?
> >  Is there any large organizations (like any other universities) that 
> >allow their students to use PGP, and have the system in place to make it 
> >easier for the students?  If it is offered here I might be the one to add 
> >to the mail program (pine) that is generally used to transparently use 
> >PGP, which is what I mean by having a system set up for the encryption. 
> >  Thanx for any help.  Take care and have fun.
> >
> >James Black
> >black@suntan.eng.usf.edu
> >
> >
> We have approx 1000 machines and 5000 user accounts and have pgp installed.
> I can't think of any reason not to have it installed, and lots of good
> reasons for having it installed.

We currently have PGP installed on our 2 central email servers that
have approximatly 20,000 users. We haven't integrated it at this
point into Pine, etc mostly due to time and resources. 

I don't know why inability to read e-mail would cause liability,
and moving 2 million messages a week, I don't think that anyone
could be expected to know what users are sending. We only respond
to complaints.

-- 
Kevin Prigge                        |  Holes in whats left of my reason, 
CIS Consultant                      |  holes in the knees of my blues,
Computer & Information Services     |  odds against me been increasin' 
email: klp@cis.umn.edu              |  but I'll pull through...