http://news.yahoo.com/h/cn/20001129/tc/yahoo_delivers_encrypted_email_1.html
Wednesday November 29 03:00 AM EST
Yahoo delivers encrypted email
By Paul Festa, CNET News.com
Yahoo has quietly introduced a way for people to send scrambled messages through its
email service.
As first reported in August, Yahoo is providing its email encryption
option through a deal with Zixit, a Dallas-based email encryption
firm. Yahoo will rout encrypted email through Zixit's
SecureDelivery.com Web site.
Yahoo and Zixit representatives declined to comment on the public
availability of the service and would not say whether it was an
across-the-board launch or a temporary test.
In papers filed with the Securities and Exchange Commission, Zixit
disclosed that the service would launch in the fourth quarter.
Whatever its scope, the introduction of the service makes Yahoo the
first major Web portal to offer encrypted email. So far, data
scrambling has been the province of tech-savvy computer users willing
to use products that require a software download, such as Network
Associates' Pretty Good Privacy.
Yahoo's competition in the free, Web-based encrypted email arena comes
from smaller players including Hushmail and ZipLip.
Some analysts have questioned the value of a mass-market encryption
product, suggesting that the odds of an email message being
intercepted are infinitely smaller than the danger of compromising
sensitive data stored on a lost computer or on a hacked Web server.
Yahoo's free encryption option handles outgoing email messages in a
multi-step procedure that the portal warns is not foolproof.
"Please be aware that this is not an end-to-end secure service," reads
an explanation of the service posted by Yahoo. "This option only
avails your recipient of a certain level of security in accessing and
reading the email message you are sending. Before your email message
is encrypted by SecureDelivery.com it is still subject to the inherent
limitations of a standard TCP/IP connection."
Yahoo's new system works like this: Once a message is composed, it
travels, unencrypted, to Yahoo, which sends it through a secure
connection to SecureDelivery.com. There, the message and any
attachments are scrambled.
SecureDelivery then sends the recipient the address to a Web page,
secured by Secure Sockets Layer ( SSL) and hosted by
SecureDelivery.com, where the message can be picked up and descrambled
for up to seven days.
Recipients first have to verify that they hold the specified email
account. They then can choose a "pass phrase" that will automatically
give them access to future messages.
Under the terms of the deal, Zixit will pay Yahoo at least $5.7
million during the next two years. On top of that, Zixit will give
Yahoo a cut of revenues "associated with Yahoo users."
Zixit this month landed a second major client, Entrust, which will let
people using its Entrust/Express encryption product send messages
through the SecureDelivery service if their email recipient doesn't
have an Entrust certificate. Under that deal, Entrust and Zixit will
divide usage fees and advertising revenues.
