1996-03-26 - MUSE (Mail Ubiquitous Security Extensions) discussion starting

Header Data

From: John Gilmore <gnu@toad.com>
To: gnu@toad.com
Message Hash: 415c36003021857974c849275335e785f8ca9cd21f739a8403770458f921ad99
Message ID: <9603260842.AA07183@toad.com>
Reply To: N/A
UTC Datetime: 1996-03-26 18:03:58 UTC
Raw Date: Wed, 27 Mar 1996 02:03:58 +0800

Raw message

From: John Gilmore <gnu@toad.com>
Date: Wed, 27 Mar 1996 02:03:58 +0800
To: gnu@toad.com
Subject: MUSE (Mail Ubiquitous Security Extensions) discussion starting
Message-ID: <9603260842.AA07183@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Don Eastlake has written an internet-draft proposing to add signatures
and encryption to the Internet mail-delivery system.  The two big
differences between his proposal and past proposals are:

	*  They work at the "sendmail" level, not at the "mail reader"
	   level.  This doesn't give your mail complete end-to-end protection
	   (unless you use "mail reader" encryption like S/MIME or PGP).
	   But it's a lot easier to install and maintain; your sysadmin
	   can do it for your whole site, instead of having to retrain
	   every user.

	*  They use the Domain Name System to keep the keys.  Since
	   DNS is going to distribute keys for its own authentication,
	   these can also be used to provide authenticated public keys
	   for remote host machines, so that email destined for those
	   machines can be encrypted.  With existing systems, getting
	   and validating keys is a big problem.

I encourage cypherpunks to read his draft and to participate in the
discussion and/or implementation that results.

The general MUSE web page is at http://www.imc.org/ietf-muse/.  You
can find the hypermail'd mailing list archives there, as well as the
Internet-Draft (draft-eastlake-muse-00.txt).  I hope that soon the
Web page will tell you how to join or exit the mailing list, too!

One initial technical question I have about MUSE is why to bother
encapsulating email messages while in transit in more layers of MIME
glop?  Why not just run IP Security between the sendmail daemons
involved, and have the receiving sendmail daemon note in the Received
header that the message arrived over an authenticated connection?
IPSEC provides your choice of authentication and/or encryption, and
already uses the keys from the Domain Name System.  IPSEC solves many
other problems as well as the particular secure/private email delivery
problem.  And deploying a Real Application (sendmail) that uses IPSEC
would shake it out and get it widely used.

	John Gilmore





Thread