[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pgp, edi, s/mime



ratak (Jason E.J. Manaigre) wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Mime-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> 
> To: [email protected], [email protected]
> Date: Wed Oct 09 10:19:39 1996
> t:
> >
> > - S/MIME and PGP are the two leading candidates for encrypting EDI
> >  messages,
> > S/MIME inside the US, and PGP outside the US where S/MIME is unavailable.
> >
> 
>         How far along has S/Mime come now, can they offer the same key sizes
> as PGP...?

S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0,
although I'm not sure this is going to make it into any marketing
materials) had a couple of cryptographic problems compared with PGP.
Those problems have been fixed in version 2.0, which is expected shortly
(as an internet draft).

S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough
to use the export version. RSA key sizes up to 2048 bits are supported,
as are a number of alternate symmetric algorithms. In addition, digital
signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is
half broken anyway.

In the meantime, Deming software is shipping a slick Windows
implementation of S/MIME, which integrates nicely with Eudora. Netscape
is expected to ship cross-platform S/MIME capability in version 4.0 of
Navigator (their original publicity materials were only off by a factor
of two ;-), and that will make a huge dent in the market.

In sum, S/MIME leaves PGP in the dust, both techically and as a market
force. There's still a lot of sentiment that PGP is one of "ours" and
S/MIME is one of theirs, but at this point it's the latter that has the
most promise of bringing encrypted e-mail to the masses.

If only X.509 weren't so darned ugly :-)

Raph