Re: Decision: Encryption Method/Product

[Dave Crocker <dcrocker@xxxxxxxxxxxxxxx>]

At 1:52 PM -0700 5/22/96, Steve Botts wrote:
>S/MIME as you point out is a standard. The standard specifies the use of
>various

	sigh.

	sorry to be a stickly on this point but I don't think that s/mime
yet qualifies as a standard.  the term usually is applied either to work
done by formal bodies or to a piece of technology that has gained
widespread use.  s/mime is neither, yet.  yes, all the vendor support is
encouraging, but the 'de facto' standard label doesn't get applied until
there is widespread use.  Use, not promise.

services.  Anyone can introduce security problems in their implementation
of ANYTHING, but as far as S/MIME goes, the problem is not likely to be in
the underlying encryption algorithms.  Which algorithm do you
>feel needs further testing?  RSA?  DES?  MD5?  RC2?  RC4?  -Steve

	As far as I'm aware, the algorithmic pieces are not in question.
"Merely" the systems integration which permits and demonstrates easy and
reliable interoperability.  Since s/mime implementations are now undergoing
interoperability testing, there is encouraging news, but the ultimate test
is, of course, fielded products interoperating at customer sites.  This is,
as we all know, quite different from controlled demos and tests.

d/

--------------------
Dave Crocker                                            +1 408 246 8253
Brandenburg Consulting                             fax: +1 408 249 6205
675 Spruce Dr.                                 dcrocker@brandenburg.com
Sunnyvale CA 94086 USA                       http://www.brandenburg.com

Internet Mail Consortium               http://www.imc.org, info@imc.org