From: tcmay@sensemedia.net (Timothy C. May)
Date: Mon, 24 Jul 95 11:23:39 PDT
To: cypherpunks@toad.com
Subject: Re: S/MIME and the Future of Netscape
Message-ID: <ac39334805021004c0ab@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 12:54 PM 7/23/95, Bob Snyder wrote:
>tcmay@sensemedia.net said:
>> With regard to SSL and Netscape not being open to outside developers,
>> several leading e-mail outfits, including Qualcomm, Netscape,
>> Frontier, etc., are working on an interoperable secure e-mail
>> standard called "Secure/MIME," or "S/MIME."
>
>Do you have sources for this information?  MOSS is out there at least as a
>Internet Draft, and possibly further along, and Steve Dorner of Qualcomm, the
>original author of Eudora, is pretty active in the MIME community and I doubt
>he would support a second MIME type to do the same thing...

Some of you have expressed skepticism about the mention of "S/MIME."

The longterm significance of S/MIME is debatable, of course. But here's the
press release I got from Jim Bidzos:



Date: Wed, 19 Jul 95 10:34:04 PDT
From: jim@RSA.COM (Jim Bidzos)
To: tcmay@sensemedia.net
Subject: Integrating RSA into Netscape (Netnews and Mail)


FYI...

     RSA News Release

     For information, contact:

     Patrick Corman or Lisa Croel
     Corman/Croel Marketing & Communications
     (415) 326-9648 or (415) 326-0487
     Corman@cerf.net or Lcroel@mediacity.com


     Major Networking and Messaging Vendors Endorse Open Specification for
     Secure E-Mail

     S/MIME Based on RSA Public-Key Encryption Technology

     Redwood Shores, CA -- July 24, 1995 -- Several major networking and
     messaging vendors, in conjunction with leading cryptography developer
     RSA Data Security today announced their endorsement of a specification
     for interoperable e-mail security, to be known as "S/MIME", short for
     "Secure/Multipurpose Internet Mail Extensions".  Several of the
     vendors announced plans to release S/MIME-compliant products next
     quarter.

     The S/MIME specification is based on the popular Internet MIME
     standard (RFC 1521), which provides a general structure for the
     content type of Internet mail messages and allows extensions for new
     content type applications... like security.  S/MIME will allow vendors
     to independently develop interoperable RSA-based security for their
     e-mail platforms, so that an S/MIME message composed and encrypted on
     one vendor's application can be successfully received and decrypted on
     a different one.

     Major vendors who today announced support for the S/MIME secure
     interoperable
     e-mail plan include Microsoft, Lotus, Banyan, ConnectSoft, QUALCOMM,
     Frontier Technologies, Network Computing Devices, FTP Software,
     VeriSign, Wollongong, SecureWare and RSA.

     Sophisticated encryption and authentication technology has been viewed
     as the crucial enabling technology for electronic commerce over the
     World Wide Web -- but encryption has been slow to come to e-mail, with
     most packages offering no security whatsoever. "Commercial e-mail
     packages don't offer encryption because, up until now, there have been
     few open security specifications," said Jim Bidzos, RSA President.
     "Internet Privacy-Enhanced Mail (PEM) is excellent for text-based
     messages. MIME represents the next generation, and has been widely
     adopted because of its ability to handle nearly any content type. The
     new S/MIME allows you to secure this rich content."

     Today's flurry of official endorsements from industry bodes well for
     the S/MIME plan.
     "We fully expect S/MIME to be the defacto standard for
     vendor-independent e-mail encryption.  Solid encryption is something
     that our customers have been asking us for, but up until now, we
     didn't have a viable option.  S/MIME gives them everything they want:
     RSA encryption, digital signatures, and the ability to mix different
     vendors' e-mail systems without losing that security," said Bob
     Dickinson, ConnectSoft Vice President and General Manager Consumer
     Online Products & Services Division.

     "Frontier Technologies believes that in the future most companies will
     routinely encrypt electronic mail messages sent over the public
     Internet," said Dr. Prakash Ambegaonkar, Frontier Technologies'
     president.  "This will only happen once there is a well-understood
     standard for secure e-mail that is easy to implement.  Frontier has
     several years experience in developing secure e-mail solutions.  In
     order to speed the adoption of the S/MIME specification, Frontier
     Technologies intends not only to be one of the first vendors to
     support S/MIME in its networking software, but to also make our
     initial implementation of the S/MIME protocol freely available for
     other vendors to use as a reference."

     "The freedom to have a private conversation is fundamental to personal
     communication that is the essence of electronic mail," said John
     Noerenberg, Director of Engineering for QUEST products at QUALCOMM.
     "Wide-spread acceptance of specs like S/MIME make it possible for
     individuals and organizations alike to conduct their business over the
     net secure in the knowledge that their private business is, in fact,
     private."

     "FTP Software is glad to endorse the S/MIME blueprint for secure
     electronic communication," said John O'Hara, director of development
     for FTP Software.  "Whether communicating with customers, business
     partners or remote offices, companies need to ensure that confidential
     information stays confidential.  This was difficult in the past, since
     organizations are connected through diverse messaging systems from
     competing vendors.  S/MIME eliminates those barriers by facilitating
     implementations across multiple vendor products."

     "Network Computing Devices is commited to answering market demand for
     network information access software providing an even higher level of
     protection and interoperability over LANs and across the Internet,"
     said Mike Harrigan, co-founder and vice president of NCD.  "S/MIME
     will further enhance our customers' ability to utilize our  e-mail
     solution, Z-Mail, and Internet navigation software tool, Mariner, in
     such a secure networked environment.  For this reason we fully intend
     to support the specification provided by S/MIME within the next
     quarter."

     This wll be an exciting catalyst for the rapid deployment of secure,
     interoperable e-mail from most of the industry leaders," said Web
     Augustine, VeriSign vice president of marketing & business
     development.  "VeriSign is committed to making our Digital ID services
     available to all companies that implement S/MIME and desire to work
     with a trusted third-party to certify public keys for their
     end-users."

     S/MIME is based on the intervendor PKCS (Public Key Cryptography
     Standards) which were established by a consortium of RSA, Microsoft,
     Lotus, Apple, Novell, Digital, Sun and the Massachusetts Institute of
     Technology in 1991.  PKCS is the most widely implemented suite of
     commercial cryptographic standards in the United States.  The common
     PKCS specifications allow developers to independently develop secure
     applications that will interoperate with other PKCS-secured
     applications.

     Developers interested in S/MIME can get more information at RSA's web
     site, at http://www.rsa.com, in the "What's New" section.

     RSA Data Security is the world's "brand name" for cryptography, with
     over 10 million copies of RSA encryption and authentication
     technologies installed and in use worldwide. RSA technologies are part
     of existing and proposed standards for the Internet and World Wide
     Web, CCITT, ISO, ANSI, IEEE, and business, financial and electronic
     commerce networks around the globe. The Company develops and markets
     platform-independent developer's kits, end-user products, and provides
     comprehensive cryptographic consulting services. Founded in 1982 by
     the inventors of the RSA Public Key Cryptosystem, the company is
     headquartered in Redwood City, California.

     S/MIME Vendor Contacts:

     Connectsoft                Tamese Robinson 206/450-9965
     Frontier           Dennis Freeman 414/241-4555
     FTP Software               Jill Dudka 508/659-6458
     Qualcomm           John Noerenberg 619/597-5103
     Microsoft          Tom Johnston 206/936-3233
     Lotus                      Kevin Kosh 617/860-5632
     Wollongong         Bob Brodie 415/962-7203
     Banyan             Jay Seaton 508/898-1000
     NCD                        Mike Harrigan 415/694-0663
     SecureWare         David Luther 404315-6295
     VeriSign           Web Augustine 415/508-1151

     ###

     RSA Public Key Cryptosystem and PKCS are trademarks of RSA Data
     Security, Inc. All other product or company names are trademarks of
     their respective corporations.