Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security Reviews

Introduction

Updated August 16, 2005

In Part 1 of this review, I looked at the history behind PGP Corp., the PGP method of email and disk encryption, and provided a general overview of the PGP Universal gateway encryption product.

In this second and final part, I will focus on how the product actually functions, and will examine all of the different components of PGP Universal Series 500.

Learn Mode

A PGP Universal server begins life in something called Learn Mode. Learn Mode consists of the server proxying mail and creating keys for users as usual, but not encrypting or signing any mail it sends. This allows a server to safely generate keys for users and show administrators how different mail would be encrypted if Learn Mode were not active. But it doesn't incur the nasty overhead of actually having to encrypt and sign messages while simultaneously generating keys for all of the users in the internal domain. Once enough keys have been generated, Learn Mode can be deactivated and encryption can begin.

While in Learn Mode, you are also able to set up and test policies for encrypting mail. Everything about PGP Universal's encryption system, such as who to encrypt mail to, what to do for recipients without a key and whether to use OpenPGP or S/MIME to encrypt messages, is controlled at the policy level. (Figure 1)

The mail encryption policy screen

Figure 1: The mail encryption policy screen
(Click image for more detail)

I established a default policy that would apply to every domain that mail was sent to, and then established several contingencies and exceptions for messages. These exceptions could apply to both message subjects and recipient domains, and I established policies for both.

For the recipient domain, I specified foobar.net (our old friend Bob's domain) and specified that all mail being sent to this domain should be encrypted. For the message subject, I followed the reviewer's guide provided by PGP Corp. and specified "payroll" as the subject.

Setting up policies for message subjects seemed a little counter-intuitive, as it used the same interface as the recipient domain policy setup. Also, in order for message subjects to be considered for encryption the "Apply special policy to messages flagged as Confidential" option had to be selected.

Another thing that would have been nice is wildcard support for domains, which could be used, for example, to send only plaintext mail with no encryption options to top-level domains from countries where encryption is illegal.

More Stuff

Top Ranked Routers

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hello, first posting, a complete newbie as far a routers go, last purchased the D-Link 615 (Version B).I purchased the AC3100, refurbished router, fol...
just update to 3.0.0.4.380.7743 and am now having problems. After about 30 min. I get message that system rebooted and port # changed, need to disconn...
Hello...been a while since I've been around here but I've got a legitimate issue that some smart minds can definitely help me figure out.. I've got an...
Using the latest Merlin beta firmware on an AC68 and trying to install DNScyrpt. Used the instructions here:https://github.com/RMerl/asuswrt-merlin/wi...
Hey guys,I have two issues with my router, and I'd really really appreciate any help I get:1. Somehow I blocked LAN access of my router. Now to add to...

Don't Miss These

  • 1
  • 2
  • 3
Get Backblaze Now!