1996-10-10 - Re: pgp, edi, s/mime
Header Data
From: azur@netcom.com (Steve Schear)
To: Raph Levien <raph@cs.berkeley.edu>
Message Hash: 1e06608c62fb51089066d694e67f395c664cfad84c8147f47a81fcdc9976212e
Message ID: <v02130501ae825f741356@[10.0.2.15]>
Reply To: N/A
UTC Datetime: 1996-10-10 15:26:45 UTC
Raw Date: Thu, 10 Oct 1996 08:26:45 -0700 (PDT)
Raw message
From: azur@netcom.com (Steve Schear)
Date: Thu, 10 Oct 1996 08:26:45 -0700 (PDT)
To: Raph Levien <raph@cs.berkeley.edu>
Subject: Re: pgp, edi, s/mime
Message-ID: <v02130501ae825f741356@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain
>S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0,
>although I'm not sure this is going to make it into any marketing
>materials) had a couple of cryptographic problems compared with PGP.
>Those problems have been fixed in version 2.0, which is expected shortly
>(as an internet draft).
>
>S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough
>to use the export version. RSA key sizes up to 2048 bits are supported,
>as are a number of alternate symmetric algorithms. In addition, digital
>signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is
>half broken anyway.
>
>In the meantime, Deming software is shipping a slick Windows
>implementation of S/MIME, which integrates nicely with Eudora. Netscape
>is expected to ship cross-platform S/MIME capability in version 4.0 of
>Navigator (their original publicity materials were only off by a factor
>of two ;-), and that will make a huge dent in the market.
>
>In sum, S/MIME leaves PGP in the dust, both techically and as a market
>force. There's still a lot of sentiment that PGP is one of "ours" and
>S/MIME is one of theirs, but at this point it's the latter that has the
>most promise of bringing encrypted e-mail to the masses.
>
>If only X.509 weren't so darned ugly :-)
>
>Raph
How will users be made confident that the S/MIME crypto isn't somehow
compromised in these products? Vendor trust (I think not, with all the
government pressures)?
PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Snoop Daty Data | Internet: azur@netcom.com
Grinder |
Sacred Cow Meat Co. |
---------------------------------------------------------------------
Counter-cultural technology development our specialty.
Vote Libertarian.
Just say NO to prescription DRUGS.
"Of all tyrannies, a tyranny sincerely exercised for
the good of its victims may be the most oppressive."
-- C.S. Lewis
"Surveillence is ultimately just another form of media, and thus, potential
entertainment."
-- G. Beato
Thread
Return to October 1996
- Return to “Adam Shostack <adam@homeport.org>”
- Return to “azur@netcom.com (Steve Schear)”
Return to “Raph Levien <raph@cs.berkeley.edu>”
- 1996-10-10 (Thu, 10 Oct 1996 08:26:45 -0700 (PDT)) - Re: pgp, edi, s/mime - azur@netcom.com (Steve Schear)
- 1996-10-10 (Thu, 10 Oct 1996 09:19:42 -0700 (PDT)) - Re: pgp, edi, s/mime - Raph Levien <raph@cs.berkeley.edu>
- 1996-10-11 (Fri, 11 Oct 1996 07:51:05 -0700 (PDT)) - Re: pgp, edi, s/mime - Adam Shostack <adam@homeport.org>
- 1996-10-10 (Thu, 10 Oct 1996 09:19:42 -0700 (PDT)) - Re: pgp, edi, s/mime - Raph Levien <raph@cs.berkeley.edu>