Utilities Choose PGP Encryption Over S/MIME

From: "Noonan, Michael D" <michael.d.noonan@intel.com>

Utilities Choose PGP Encryption Over S/MIME

Suppliers of natural gas now have a standard way of securing electronic
transactions between trading partners.

While the Gas Industry Standards Board joins a growing list of vertical
industry consortia forming such standards, it is among the first major
groups to chose PGP (Pretty Good Privacy) encryption and authentication
technology rather than the more popular S/MIME (Secure/Multipurpose
Internet Mail Extension) standard developed by RSA.

The GISB's decision to adopt PGP for its 165 corporate members--which
include Amoco, Exxon, Mobil, Con Edison and Pennsylvania Power & Light
Co.--is a major endorsement for PGP. This choice came from the fact that
PGP is file- based, providing data encryption for both e-mail and file-
based data.

Also, the group felt it was better suited for its requirements, which
include data privacy, integrity, authentication and nonrepudiation.

While the S/MIME standard also supports those core functions, it is
intended only for e-mail encryption. The GISB has been experimenting with
PGP since 1996, before S/MIME became a standard, according to Carl
Caldwell, chairman of the GISB's electronic delivery mechanism committee.

GISB was looking at ways to send encrypted EDI files, using HTTP as a
transport, "but at the time, SSL [Secure Sockets Layer] was owned by
Netscape, and we didn't want to pick one specific Web server and browser,"
Caldwell said. Plus, "we needed a file-based security product."

PGP will help the GISB member companies secure more than 37 different
types of business transactions, from ordering space on a pipeline to
moving gas to paying for it once it reaches its destination, GISB
officials said. -- Rutrell Yasin

ISN is sponsored by Security-Focus.COM