Re: MOSS vs. S/MIME vs. PGP/MIME Matrix

[drummond@xxxxxxxxxx (Rik Drummond)]

Your questions are not dumb....keep them up....do you wish to help me edit
the matrix and take comments....I am doing it alone at the moment.....Could
use your help...my comments are below in the text...later...rik



>Rik:
>
>Some more matrix questions if you don't mind:
>
>Row 2: "Easily integrated into products in a user transparent manner," for
>which there is a "no" fo pre 3.0 version for PGP/MIME. Does this mean the
>API for including PGP/MIME in products stinks (is not so easy)? I think
>the "user transparent manner" phrase is throwing me off.

yes is not easy to use...


>
>13: "Coexistence with others for reception of MIME multipart/signed data"
>Could you explain this one? Does it mean it can accept other MIME based
>e-mail solutions, such as a PGP/MIME implementation accept a MOSS message?
>If so, what would it be able to do with it, just pass it along?

It means (obviously it is not clear) that if I send a multipart/signed your
reader can read  the data, just not the signature.


>
>15. "Signed message body readable by MIME readers." Explain... How different
>from 13?

The same as 13.....just a different phasing....some transient duplication
is normal as you build a matrix from a lot of comments...



>18 "Signature separate from signed document." Does this mean that you can
>sign a hash as opposed to signing the whole document?

This means the signature can be separate from the document.....can be sent
separately....and that multible non-nested signatures may be
used.....vs....have one signature, then the whole thing signed by another,
etc...

>
>26. "Adequate Security for EDI" Does this mean it supports all the
>recommendations
>such as algorithms to use, key lengths, etc, in your RFC draft?

No it means that we as a group believe it has adequate security...as
defined by our discussion and our initial requirments generated back in
Feb.


>
>28 "Solid MIME integration" If they're all proposals which integrate MIME
>into the security protocol, what is this telling us additional; i.e.,
>why wouln't they be solidly integrated with MIME. I understand MSP is
>basically intended for X.400. Is this the reason for the row?


Yes and to allow comments about how well S/MIME in integrated with
MIME....some would say not well.



>
>33. "Common algorithms with AUTACK" Does this mean that the protocol
>supports the same algorithms that AUTACK supports. If doing encryption
>outside the EDI interchange, why do we care?
>
>Lastly, you have a column for DMS. While I initially had no clue what that
>was, I have learned that it is a program by the military (Defense Messaging
>System) for secure e-mail. The "protocol" within DMS, is MSP. As the
>DMS gov't program is not a protocol, don't you think at column should be
>MSP?


Defense Messaging System....I called it that because PGP, and S/MIME are
not protocols they are product implementations set upon protocols.....DMS
is more like a product...... MSP either works for me at the moment...

>
>I apologize again for any dumb questions. It's late (no excuse), and
>all these protocols have been driving me crazy of late?

Your questions are not dumb....keep them up....do you wish to help me edit
the matrix and take comments....I am doing it alone at the moment.....Could
use your help.


>
>Jeannine Lonski
>pkqjs@ctt.bellcore.com
>not

------------------------------------------------------
|         Rik Drummond - The Drummond Group         |
|   5008 Bentwood Ct., Ft. Worth, TX 76132 USA  |
|        Voice: 817 294 7339    Fax: 817 294 7950     |
------------------------------------------------------