[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Mail Security and PGP Plugins



Greg Kucharo wrote:
> 
> There hasn't been a lot of discussion on this list about the future
> of secure e-mail via Netscape. The most i've seen has come from
> Raph Levien on the standards battle between S/Mime and other various
> implementations including one using PGP. Raph has said at various
> Cypherpunks meetings now that( and not wanting to totally put words in
> his mouth) the PGP based implementations have lost ground to S/MIME.

I certainly believe this - PGP now has the first real challenge to its
continued viability.

I would like to emphasize (at the risk of repeating myself) that it now
looks quite possible that the limitations of S/MIME that I discussed at
the next-to-last cpunks meeting will be addressed. It hasn't been
formally decided, though. I'd say this is an important opportunity for
cypherpunks to make themselves heard. S/MIME as it is currently defined
has severe implementation weaknesses. There are two concrete proposals
on the table to fix these problems - lobbying the S/MIME people will
help.

>  The reason I believe that this whole area has received so little
> quarter on the list is that either few people use Netscape for e-mail
> and that few people actually send encrypted e-mail.

Undoubtedly a combination of both.

>  I'm going to try and put together a compendium of web links on this
> so it's a little easier to track the developments and various schemes.
>  At the second to last Cypherpunks Bay Area meeting we had a discussion
> of crypto GUI's. It's my opinion that Netscape would be an excellent
> place to start because it does encryption relatively seemlessly.
> Incorporating S/MIME into the mail would be a great step forward in
> bringing easy crypto to the general community. Any PGP plugin I would
> hope eleviate the many UI problems PGP has.
>  A couple of questions I have right off the bat are;

>  1. In Hal's Java mail encryptor, what are the legal aspects of
> sending code across that contains crypto?

Almost undoubtedly still illegal, unless Pro-CODE passes.

>  2. Can any plugin access the Netscape Mail program.

No. As currently defined, the Netscape API does not export mail.

>  3. When is S/MIME going to be in Netscape, I tried to find info on the
> web site but thier statements about S/MIME seem vague.

I hear conflicting reports on this myself, but my best guess would be
some time this fall - probably just a month or two before PGP 3.0 ships
;-)

>  I hope I'm not running over old ground, but this has to be alot more
> intresting than discussing that PBS show!

Agreed.

Raph