[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The Cypherpunks Mail Project

Eric Hughes writes:

>It has become clear from the discussions on the list here that the
>first step should be encrypted e-mail.  Unfortunately, mail is not
>homogeneous; there is no one place to push on the mail system to add

I may disagree with this (I say, "I may" as there are many sides to this
compicated issue, but the side I currently agree with I will state here)
and I hesitate to bring this up as I don't want to slow down the (imo) 
much-needed development of encrypted mailers.  But I think that an 
approach may exist that has better long-term consequences than the one
that advocates shoe-horning PGP into every mailer.

There is an attempt to to create a new mail standard on top (or next to)
the current so-called RFC-822 mail standard that will allow multi-part
typed messages.  This proposed standard, known as MIME (for Multipurpose
Internet Mail Extensions) is nearly complete and will allow rich text,
binary and other formats to be included in a single internet mail message.
There has been a disagreement between the PEM (Privacy Enhanced Mail) and
MIME communities as to which should be integrated into the other;  simply
put, the PEM folk feel that you simply encrypt an entire MIME message, and
the MIME folk think that PEM messages are just another one of the many
types of content parts that a MIME message can contain.

I tend to agree with the latter camp, as it appears to be more flexible.
For example, what happens if I wish to start communications with someone
using a different standard than PGP (gasp - they may be using RSA's
mailsafe), or even a newer, perhaps incompatible version of PGP?  Or 
maybe I want to send them a message partly encrypted and partly in the 
clear?  MIME is designed to handle these scenarios (and more).

I must admit that this thought coalesced in my head due to the confluence 
of two different streams of communications both heading towards this
solution at the same time:

1)  I asked Steve Dorner (author of the excellent Eudora Macintosh email 
    reader) if he was considering adding encryption to his mailer 
    (specifically PGP) and he replied no, but that he was integrating 
    MIME into it;
2)  The pem-dev email list, which has been discussing threads on PGP and 
    MIME, recently carried an interesting proposal on MIME-PEM integration
    (though I expect to see the other camp come out with their PEM-MIME 
    integration plan soon!).
I think this latter document is excellent reading, and I will forward it 
in a followup message to this one.  By the way, it has a short set of six
references that I consider required reading for anyone interested in doing
serious work on Internet mailers.

In case all this is new to you, I've included at the bottom a blurb from
the RFC-index explaining how to find these RFCs and more.

My $0.02.

Many RFCs are available online; if not, this is indicated by (Not online). 
Online copies are available via FTP or Kermit from NIC.DDN.MIL as 
rfc/rfc####.txt or rfc/rfc####.PS (#### is the RFC number without leading 

Additionally, RFCs may be requested through electronic mail from the
automated NIC mail server by sending a message to [email protected]
with a subject line of "rfc ####" for text versions or a subject line
of "rfc ####.PS" for PostScript versions.  To obtain the RFC index,
the subject line of your message should read "rfc index".