Royal Mail is to set itself up as a Trusted Third Party (TTP), offering encryption and key management services for Internet communications and transactions.
This follows the DTI's encryption policy announcement last month, when Barbara Roche, parliamentary under secretary of state at the DTI, outlined plans for voluntary licensing agreements for bodies offering cryptographic services to the public (see PC Week, 5 May).
It has not been established what the licensing procedure for TTPs will involve, but it is likely that legislation will be introduced and the licensing procedure finalised quickly.
Royal Mail's proposal is for a "secure Internet service that will assure the privacy and confidentiality of messages and transactions sent over the Internet". It will use software from Entrust Technologies, which will probably be based on a certificate server and a separate X.500 directory server. Royal Mail refused to give details.
Jim Pang, director of electronic services at Royal Mail, said in a statement: "Royal Mail has more than 350 years' experience of delivering private messages and has earned a high level of trust with the British public."
The question is whether people will want to use an encryption model that forces trust to be established between parties that have not met, as opposed to Network Associates' PGP Web of Trust model, where trust is established by signing the keys of people known to you.
Heather Stark, analyst at Ovum, commented: "For my money, the hierarchical trust model (used by Entrust) is more appropriate for situations where people don't know each other."
Graham Curme, European director of security sales for Network Associates, disagreed. "Do you know the person who will issue your certificate at the Post Office? Have they met you?" he asked.
"Royal Mail is implementing a full verification policy which will include users being asked to provide standard proofs of ID and substantiation of their address, which will be checked," said a Royal Mail spokesman.
"Users will have to register at a local registration authority, which has yet to be decided."
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all