From: Hal <74076.1041@CompuServe.COM>
To: <cypherpunks@toad.com>
Message Hash: 6f29726ff00d3e683da72ceace18f01df5ada9aad936d8dd21be0d6852c04990
Message ID: <93011517594674076.1041_DHJ57-1@CompuServe.COM>
Reply To: _N/A
UTC Datetime: 1993-01-15 18:13:47 UTC
Raw Date: Fri, 15 Jan 93 10:13:47 PST
From: Hal <74076.1041@CompuServe.COM>
Date: Fri, 15 Jan 93 10:13:47 PST
To: <cypherpunks@toad.com>
Subject: RIPEM vs PEM
Message-ID: <930115175946_74076.1041_DHJ57-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain
There is a little confusion here between RIPEM and PEM. PEM is the
"official" Internet standard for Privacy Enhanced Mail. An implementation
is in beta test right now, and uses a centralized certificate hierarchy for
all keys. Everyone has to have their keys signed by an agency which is
authorized by RSADSI (at least according to the Internet drafts I have,
which are several months old). Typically, that agency would be your
company or your school, because they are in a position to vouch for your
identity. There is a provision, though, for pseudonymous keys to be
issued, although they would be clearly marked as such.
RIPEM is Mark Riordan's public-key program. It is similar to PEM, but does
not use the PEM certificates and therefore does not require people to have
their keys signed by an agency. It is not really PEM compatible. It does
use the RSAREF public-domain encryption package, so it is legal for non-
commercial use in the U.S. and Canada.
What I suggested was the use of RIPEM since it is available now, is legal,
and is free.
Note, though, that whether RIPEM or PGP is used, they are only for non-
commercial use. A remailer that wanted to charge, such as the ones that
Eric Messick is discussing, would probably have to license the technology
from PKP directly to be legal. (I'm not sure whether PEM also is limited
to non-commercial use.)
Hal Finney
74076.1041@compuserve.com
Return to January 1993
Return to “Hal <74076.1041@CompuServe.COM>”