
Re: Secured E-mail standard?



	 Has a proposal been made to officially adopt a header field in
	 standard Internet mail messages that would essentially include
	 security signature information?  Something like:

		 X-Security-Type: PGP 1.0
		 X-Security-Code: asdui&Dh1daOFajsFNOA...etc.

	 These generic field names would allow for various types of
	 security methods.  Most important, they would make it a lot easier
	 for smart e-mail systems to recognize secured e-mail, with the
	 option of allowing the user to filter out such fields when
	 reading text.  The current scheme of having to "frame" the
	 content (plain text) and add the PGP signature is
	 distracting.

This won't fly for several reasons. 

First, X- implies a non-standard header.  Second, in the Internet world
PEM is on the standards track, and it uses a PGP-like encapsulation.
(More precisely, many facets of the PGP appearance were taken from PEM.)
PEM does provide for various security mechanisms, I should note, not
just the current RSA+DES.  Finally, the scheme which you label ``distracting''
(and I agree) was adopted because there's simply too much information
to put into headers in any comprehensible fashion, and to really
do the job properly requires an encoded (and hence unreadable) plaintext
of the message, independent of the encryption or signature algorithms.
(These folks worried, and rightly so, about character sets, gateways
that would add or drop trailing blanks or tabs, etc.)
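
The gateway problem raised in the reply above, as an added example that is not part of the original message: a digest carried beside a readable body breaks once a gateway touches trailing blanks or line endings, while an encoded body survives. The `gateway` function, the sample message, SHA-256 as the digest and base64 as the encoding are all assumptions made for the illustration.

```python
import base64
import hashlib

# Constructed sample message: trailing blanks, a trailing tab, and "-- ".
BODY = b"Meet at noon.  \r\nBring the keys.\t\r\n-- \r\nAlice\r\n"


def gateway(wire: str) -> str:
    """Hypothetical mail gateway: rewrites CRLF to LF and drops trailing
    blanks and tabs on every line, as the reply says some gateways do."""
    return "\n".join(line.rstrip(" \t") for line in wire.splitlines()) + "\n"


def digest(data: bytes) -> str:
    # SHA-256 stands in for whatever digest the signature scheme covers.
    return hashlib.sha256(data).hexdigest()


def encapsulate(body: bytes) -> str:
    """Encode the body as base64 text, 64 characters per line."""
    b64 = base64.b64encode(body).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(lines) + "\r\n"


def decapsulate(wire: str) -> bytes:
    # Whitespace has no meaning in base64, so it is dropped before decoding.
    return base64.b64decode("".join(wire.split()))


def header_scheme_survives() -> bool:
    """Digest travels in a header; body travels as readable text."""
    sent = digest(BODY)
    received = gateway(BODY.decode("ascii")).encode("ascii")
    return digest(received) == sent


def encapsulated_scheme_survives() -> bool:
    """Digest covers the original bytes; body travels encoded."""
    sent = digest(BODY)
    received = decapsulate(gateway(encapsulate(BODY)))
    return digest(received) == sent


if __name__ == "__main__":
    print("readable body + header digest:", header_scheme_survives())
    print("encoded body:", encapsulated_scheme_survives())
```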