A newly unveiled company named Kryptiva is trying to meet all the important requirements for securing email. Many companies have offered encryption, digital signatures, and proofs of delivery for electronic mail. But up to now, according to Kryptiva founder and CEO Karim Yaghmour, each design has embodied an important flaw that reduces either usability or security. (Karim is the author of Building Embedded Linux Systems, which I edited. Kryptiva is proprietary software.)
I won’t say much about Kryptiva’s architecture, which is laid out on one of Kryptiva’s web pages. What interests me most, among their discussion of requirements, is their way of trying to provide features that are usually mutually exclusive.
Kryptiva’s designers reject web-based mail for several reasons. Given the widespread success of phishing attacks, too many users could be tricked into giving a masquerading site their valuable information. If the web site being visited is maintained by the vendor, an enterprise might not want to entrust its sensitive email to the site. Finally, Kryptiva email can use the user’s familiar email client (the initial version works with Outlook, and a Thunderbird plug-in is coming) so that users can continue to manipulate their mail folders the way they’re used to.
The downside of integrating with popular email clients is that Kryptiva can’t do its job unless people on both side download and install a plug-in. Without the plug-in, a recipient can read signed mail, but not mail that’s encrypted or requests a proof of delivery.
Kryptiva can be installed on the enterprise’s own servers, so that it doesn’t have to interact with a third party. It is built to be integrated with other parts of email infrastructure. For instance, it can authenticate users in an LDAP directory to reduce the number of passwords required per user, and it can consult anti-spam, anti-virus, and anti-phishing products. No key ever has to be transmitted over the network. Kryptiva is also infrastructure-independent, meaning that an enterprise can add it to whatever network of servers they have without modifying the existing network. They can also deploy it selectively and incrementally.
Finally, Kryptiva is stateless, which makes it more scalable.