In <199803100143.RAA29925@xxxxxxxxxxxxxxx>, on 03/09/98 at 05:39 PM, Paul Hoffman / IMC <phoffman@xxxxxxx> said: >And not needed. I take it you haven't been following the S/MIME working >group. None of the drafts for S/MIME v3 have mandated any proprietary >technology. The mandatory algorithms are the same as are proposed for >OpenPGP: Diffie-Hellman for key exchange and tripleDES for encryption. >The two groups are using different variants of each, but the requirements >are by and large the same. Well I think we have a *big* difference between S/MIME and OpenPGP here. With OpenPGP we have only one corporation (PGP Inc.) involved with legacy software, and they have made a strong effort to push it's user base away from proprietary algorithms (RSA) to unencumbered ones. In the S/MIME camp you have quite a different senario. You have several large corporations (Netscape, Microsoft, IBM/Lotus) all who have substantial investments in RSADSI software licenses. I hardly doubt that any of these companies will make any effort to move their users away from RSA. While it is true that the MUST requirements in the S/MIME v3 draft have been dropped you will not see any products on the shelf that do not support it. The only way to build crypto e-mail software using unencumbered algorithms is by using OpenPGP. While technically you can do it with S/MIME v3 you woun't be able to talk to anyone else. -- --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html --------------------------------------------------------------- Tag-O-Matic: PATH=C:\DOS;C:\DOS\RUN;C:\WIN\CRASH\DOS;C:\ME\DEL\WIN
Attachment:
pgp00023.pgp
Description: PGP signature