[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RIPEM vs PEM

To: <[email protected]>
Subject: RIPEM vs PEM
From: Hal <[email protected]>
Date: 15 Jan 93 12:59:47 EST

There is a little confusion here between RIPEM and PEM.  PEM is the 
"official" Internet standard for Privacy Enhanced Mail.  An implementation 
is in beta test right now, and uses a centralized certificate hierarchy for 
all keys.  Everyone has to have their keys signed by an agency which is 
authorized by RSADSI (at least according to the Internet drafts I have, 
which are several months old).  Typically, that agency would be your 
company or your school, because they are in a position to vouch for your 
identity.  There is a provision, though, for pseudonymous keys to be 
issued, although they would be clearly marked as such.
 
RIPEM is Mark Riordan's public-key program.  It is similar to PEM, but does 
not use the PEM certificates and therefore does not require people to have 
their keys signed by an agency.  It is not really PEM compatible. It does 
use the RSAREF public-domain encryption package, so it is legal for non-
commercial use in the U.S. and Canada.
 
What I suggested was the use of RIPEM since it is available now, is legal, 
and is free.
 
Note, though, that whether RIPEM or PGP is used, they are only for non- 
commercial use.  A remailer that wanted to charge, such as the ones that 
Eric Messick is discussing, would probably have to license the technology 
from PKP directly to be legal.  (I'm not sure whether PEM also is limited 
to non-commercial use.)
 
Hal Finney
[email protected]

Follow-Ups:
- RIPEM vs PEM
  - From: Eric Hughes <[email protected]>

Prev by Date: Re: possible solution to the anonymous...
Next by Date: more on security/obscurity/reality
Prev by thread: Whitfield Diffie gets award
Next by thread: RIPEM vs PEM
Index(es):
- Date
- Thread