1993-01-15 - RIPEM vs PEM

Header Data

From: Hal <74076.1041@CompuServe.COM>
To: <cypherpunks@toad.com>
Message Hash: 6f29726ff00d3e683da72ceace18f01df5ada9aad936d8dd21be0d6852c04990
Message ID: <93011517594674076.1041_DHJ57-1@CompuServe.COM>
Reply To: _N/A

UTC Datetime: 1993-01-15 18:13:47 UTC
Raw Date: Fri, 15 Jan 93 10:13:47 PST

Raw message

From: Hal <74076.1041@CompuServe.COM>
Date: Fri, 15 Jan 93 10:13:47 PST
To: <cypherpunks@toad.com>
Subject: RIPEM vs PEM
Message-ID: <930115175946_74076.1041_DHJ57-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain


There is a little confusion here between RIPEM and PEM.  PEM is the 
"official" Internet standard for Privacy Enhanced Mail.  An implementation 
is in beta test right now, and uses a centralized certificate hierarchy for 
all keys.  Everyone has to have their keys signed by an agency which is 
authorized by RSADSI (at least according to the Internet drafts I have, 
which are several months old).  Typically, that agency would be your 
company or your school, because they are in a position to vouch for your 
identity.  There is a provision, though, for pseudonymous keys to be 
issued, although they would be clearly marked as such.
 
RIPEM is Mark Riordan's public-key program.  It is similar to PEM, but does 
not use the PEM certificates and therefore does not require people to have 
their keys signed by an agency.  It is not really PEM compatible. It does 
use the RSAREF public-domain encryption package, so it is legal for non-
commercial use in the U.S. and Canada.
 
What I suggested was the use of RIPEM since it is available now, is legal, 
and is free.
 
Note, though, that whether RIPEM or PGP is used, they are only for non- 
commercial use.  A remailer that wanted to charge, such as the ones that 
Eric Messick is discussing, would probably have to license the technology 
from PKP directly to be legal.  (I'm not sure whether PEM also is limited 
to non-commercial use.)
 
Hal Finney
74076.1041@compuserve.com






Thread