1996-10-10 - Re: pgp, edi, s/mime
Header Data
From: Raph Levien <raph@cs.berkeley.edu>
To: “ratak (Jason E.J. Manaigre)” <ratak@escape.ca>
Message Hash: 7a18e1a276674236dfe30d32ce0cbe6cd2348e39f7af30d4a520616cce8c8128
Message ID: <325C4BCA.190F46FC@cs.berkeley.edu>
Reply To: <199610091521.KAA26969@wpg-01.escape.ca>
UTC Datetime: 1996-10-10 01:08:22 UTC
Raw Date: Wed, 9 Oct 1996 18:08:22 -0700 (PDT)
Raw message
From: Raph Levien <raph@cs.berkeley.edu>
Date: Wed, 9 Oct 1996 18:08:22 -0700 (PDT)
To: "ratak (Jason E.J. Manaigre)" <ratak@escape.ca>
Subject: Re: pgp, edi, s/mime
In-Reply-To: <199610091521.KAA26969@wpg-01.escape.ca>
Message-ID: <325C4BCA.190F46FC@cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
ratak (Jason E.J. Manaigre) wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
>
> To: jubois@netcom.com, cypherpunks@toad.com
> Date: Wed Oct 09 10:19:39 1996
> t:
> >
> > - S/MIME and PGP are the two leading candidates for encrypting EDI
> > messages,
> > S/MIME inside the US, and PGP outside the US where S/MIME is unavailable.
> >
>
> How far along has S/Mime come now, can they offer the same key sizes
> as PGP...?
S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0,
although I'm not sure this is going to make it into any marketing
materials) had a couple of cryptographic problems compared with PGP.
Those problems have been fixed in version 2.0, which is expected shortly
(as an internet draft).
S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough
to use the export version. RSA key sizes up to 2048 bits are supported,
as are a number of alternate symmetric algorithms. In addition, digital
signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is
half broken anyway.
In the meantime, Deming software is shipping a slick Windows
implementation of S/MIME, which integrates nicely with Eudora. Netscape
is expected to ship cross-platform S/MIME capability in version 4.0 of
Navigator (their original publicity materials were only off by a factor
of two ;-), and that will make a huge dent in the market.
In sum, S/MIME leaves PGP in the dust, both techically and as a market
force. There's still a lot of sentiment that PGP is one of "ours" and
S/MIME is one of theirs, but at this point it's the latter that has the
most promise of bringing encrypted e-mail to the masses.
If only X.509 weren't so darned ugly :-)
Raph
Thread
Return to October 1996
- Return to “Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>”
- Return to “Lucky Green <shamrock@netcom.com>”
- Return to “Raph Levien <raph@cs.berkeley.edu>”
- Return to “ratak (Jason E.J. Manaigre) <ratak@escape.ca>”
Return to “sameer@c2.net”
- 1996-10-09 (Wed, 9 Oct 1996 08:19:40 -0700 (PDT)) - Re: pgp, edi, s/mime - ratak (Jason E.J. Manaigre) <ratak@escape.ca>
- 1996-10-10 (Wed, 9 Oct 1996 18:08:22 -0700 (PDT)) - Re: pgp, edi, s/mime - Raph Levien <raph@cs.berkeley.edu>
- 1996-10-10 (Thu, 10 Oct 1996 09:09:22 -0700 (PDT)) - Re: pgp, edi, s/mime - Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
- 1996-10-10 (Thu, 10 Oct 1996 09:51:19 -0700 (PDT)) - Re: pgp, edi, s/mime - Raph Levien <raph@cs.berkeley.edu>
- 1996-10-10 (Thu, 10 Oct 1996 13:01:59 -0700 (PDT)) - Re: pgp, edi, s/mime - sameer@c2.net
- 1996-10-10 (Thu, 10 Oct 1996 16:01:50 -0700 (PDT)) - Re: pgp, edi, s/mime - Lucky Green <shamrock@netcom.com>