1996-06-17 - Re: Netscape Mail Security and PGP Plugins

Header Data

From: Raph Levien <raph@cs.berkeley.edu>
To: Greg Kucharo <sophi@best.com>
Message Hash: d2a1cba721354b1f1df3793111bcfa30e1ea8b316f6fca81df7a4d8f3435c2c3
Message ID: <31C494FF.7B1A422@cs.berkeley.edu>
Reply To: <31C39529.133B6630@best.com>
UTC Datetime: 1996-06-17 01:04:10 UTC
Raw Date: Mon, 17 Jun 1996 09:04:10 +0800

Raw message

From: Raph Levien <raph@cs.berkeley.edu>
Date: Mon, 17 Jun 1996 09:04:10 +0800
To: Greg Kucharo <sophi@best.com>
Subject: Re: Netscape Mail Security and PGP Plugins
In-Reply-To: <31C39529.133B6630@best.com>
Message-ID: <31C494FF.7B1A422@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Greg Kucharo wrote:
> 
> There hasn't been a lot of discussion on this list about the future
> of secure e-mail via Netscape. The most i've seen has come from
> Raph Levien on the standards battle between S/Mime and other various
> implementations including one using PGP. Raph has said at various
> Cypherpunks meetings now that( and not wanting to totally put words in
> his mouth) the PGP based implementations have lost ground to S/MIME.

I certainly believe this - PGP now has the first real challenge to its
continued viability.

I would like to emphasize (at the risk of repeating myself) that it now
looks quite possible that the limitations of S/MIME that I discussed at
the next-to-last cpunks meeting will be addressed. It hasn't been
formally decided, though. I'd say this is an important opportunity for
cypherpunks to make themselves heard. S/MIME as it is currently defined
has severe implementation weaknesses. There are two concrete proposals
on the table to fix these problems - lobbying the S/MIME people will
help.

>  The reason I believe that this whole area has received so little
> quarter on the list is that either few people use Netscape for e-mail
> and that few people actually send encrypted e-mail.

Undoubtedly a combination of both.

>  I'm going to try and put together a compendium of web links on this
> so it's a little easier to track the developments and various schemes.
>  At the second to last Cypherpunks Bay Area meeting we had a discussion
> of crypto GUI's. It's my opinion that Netscape would be an excellent
> place to start because it does encryption relatively seemlessly.
> Incorporating S/MIME into the mail would be a great step forward in
> bringing easy crypto to the general community. Any PGP plugin I would
> hope eleviate the many UI problems PGP has.
>  A couple of questions I have right off the bat are;

>  1. In Hal's Java mail encryptor, what are the legal aspects of
> sending code across that contains crypto?

Almost undoubtedly still illegal, unless Pro-CODE passes.

>  2. Can any plugin access the Netscape Mail program.

No. As currently defined, the Netscape API does not export mail.

>  3. When is S/MIME going to be in Netscape, I tried to find info on the
> web site but thier statements about S/MIME seem vague.

I hear conflicting reports on this myself, but my best guess would be
some time this fall - probably just a month or two before PGP 3.0 ships
;-)

>  I hope I'm not running over old ground, but this has to be alot more
> intresting than discussing that PBS show!

Agreed.

Raph





Thread