Use signatures and encryption
Two of the most fundamental requirements of electronic security are the ability to identify the people you're dealing with, and the ability to keep your communication secret. In the Internet world, this is becoming more difficult every day, simply because most Windows users do not avail themselves of the security resources at their disposal; they are either unaware of the dangers or unconcerned about their security. One of these resources that you should be familiar with is Pretty Good Privacy, which deals with both of these issues quite handily.
As most of you probably know, the highly-regarded PGP program, written by Philip Zimmerman, allowed even a casual user to create digital signatures, which now carry the same legal weight as paper-signatures and protect their documents or email with a fairly impressive encryption algorithm. This was especially nice because for quite some time, the program was free to individuals, while corporate users paid a modest fee. But unfortunately, Network Associates, which acquired PGP in '97, has put this software into a maintenance mode, much to the dismay of many loyal PGP users.
What many of you may not know, is that in '98, shortly after Network Associates acquired PGP, RFC 2440 was written. RFC 2440 defines OpenPGP. OpenPGP, as you might guess, is quite similar to PGP, except of course, that it is an open standard.
If you would like the ability to digitally sign and encrypt your work, visit www.gnupg.org, which is the home of the GNU Privacy Guard. This program contains almost all the features of PGP, but it's free, open source, available in several languages and it works on almost any Windows or UNIX platform.
You can read RFC 2440 at www.faqs.org.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in March 2002