· Ownership and use of keys. Will the user or the corporation own the keys? Will a single pair be used both for signatures and encryption, or will separate pairs be maintained? Some products, such as Entrust Technologies' Entrust, Worldtalk Corp.'s Worldtalk Secure and OpenSoft Corp.'s O penSoft ExpressMail, allow for certificates containing two different pairs. Ent rust assumes corporate ownership of private encryption keys--so that data may be recovered--but personal signing keys are exclusively under the individual's control.

· Intrusiveness of encryption. Client-based e-mail security is usually implemented on a per-message basis. Does the organization trust its employees to recognize sensitive information? Can users be sufficiently trained to use encryption properly? How will long-term security awareness be maintained?

· Entrenched applications. How will an existing messaging platform be secured? Plug-ins for many MAPI and POP/IMAP mailers are available. Will emerging message access technologies--such as IMAP and browser access--be supported? Some S/MIME approaches may be incompatible with IMAP functions, and browser mail implementations let you download message parts for encryption or signature verification services.

· Integration to the corporate directory. Client products that enable public key distribution via the corporate directory a re far less cumbersome to manage than those that require peer relationships. For example, Netscape and Entrust let public LDAP-enabled directories retrieve certificates.

· Security administration roles. Does the system separate and enforce the roles of the security officer, system administrator, directory manager and user?

· Certificate authority policies. Will an internal or external CA be used? Which certificate authorities will be cross-certified? Will self-signed certificates and peer-trust relationships be allowed?

· Certificate policies. Under what verification criteria will a certificate be issued? What is the certificate's lifetime? How will Certificate Revocation Lists be used? What authentication is required before a certificate will be issued? Will certificates be distributed manually (via disk files), via e-mail or via Secure Sockets Layer (SSL) connections to a Web server?

· Client issues. How are certificates stored? What authentication mechanisms are used t o protect them? Can certificates be self-signed? Can a user establish a peer relationship with another user without formal cross-certification by a centralized authority?