For those implementing gateways to perform tunneling versus
convert and forward, may I suggest that within any organization there
are users with varying degrees of security needs and various levels of
capabilities. From a consumer's point of view, any gateway installed
at my location would, by neccessity, tunnel anything and everything
to the systems operation staff. Our keys would never reside on the
server for any reason. On the otherhand, the secretaries would
vastly prefer that their mail leaves and arrives secure without
having to worry about key management, security, uucoding, MIME, or
whatever.
If the gateway will maintain user keys (private keys at that), it
follows that a small profile of the user would be present as well.
In that event, the users' preferences for any of the proposed
techniques presented so far should be honored. Furthermore, local
administrative policy may mandate which divisions should be using
which settings.
_______________________________________________________________________________
John E. Joganic
Systems Programmer, Senior
Economic Science Laboratory, University of Arizona