Re: Problems with MSP
c.robbins (c.robbins@nexor.co.uk)
Fri, 16 Feb 1996 09:42:12 +0000
-----Multi-Part-Message-Level-1-1-7656
Content-Type: text/plain; charset="us-ascii"
-----BEGIN PGP SIGNED MESSAGE-----
> Without any X.400 experience, this is just speculation, but my guess is
>that translating all email back and forth between RFC 822 + MIME and X.400
>would be a nightmare, both in complexity and in user problems.
Nope, I have to disagree. I use a combination of X.400 and MIME all the time.
Just to prove the point, I've sent this message from an X.400 user agent (check
the SMTP received header lines), and attached a second X.400 body part. You
should see it as a multipart MIME message.
From a user perspective, it all happens behind the scenes for me, I just send
the mail, the mail system decides on what conversion is needed and when. It
could not be easier.
>I'm sure
>this mailing list has someone who has implemented an X.400/Internet
>gateway and can tell us about it (for example, how many lines of code are
>in the product?).
Lines of code etc, is a tough one, as the MIME component is just one part of a
larger X.400 MTA environment. I'm not trying to hide anything, I just don't
know.
This leads me on to what I really wanted to say. From my X.400 user agent, I
can use PGP and PEM today no problem. This works fine, as everything within a
single body part passes the gateway intact, and can be verified. Check the
PGP signature on this message for example.
As soon as you start looking at S/MIME or MOSS, problems are introduced, as the
X.400 user agent has to start to worry about how things get manipulated in the
gateway. However, some experiments I did with multipart/secure messages,
suggest that using S/MIME or MOSS in an X.400 gateway would be possible if a
few simple constraints were placed on the gateway, and the user agent.
I suggested this to the IETF MIXER WG, looking at standardising the MIME/X.400
gateway specs, and they were not too enthusiastic about the constraints idea.
However, it was pointed out, that if you start to think in terms of
multipart/encrypted the gateway problems actually start to get considerably
easier, as the gateway CANNOT interpret anything, all it can do is ship around
a lump of data.
Maybe this is where MSP can fit in.
This message started with the user aspects, and now I've moved onto MSP, I
would like to return to users. I have used MSP/X.400 security as well. From a
user's perspective, I must say I preferred it to any of the other systems I have
used, but this is probably just a user agent issue.
Finally, I understand that MSP is designed to work within
the DMS infrastructure, and this is an X.400 environment. When you want to
send mail outside of X.400, you send your mail to the "MFI" or Multi Function
Interpreter, which could for example, gateway to MOSS or S/MIME or PGP or ...
To do this it has to be trusted, so that it can verify/decrypt messages, then
re-sign & encrypt as appropriate. Probably workable, but alas you have
to trust those gateways!
Colin
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMSRRXcOT/SH3UrIlAQGT+wP8DwIr/9s4kkwJQQURqUOyz2Zf79BFhlLo
pvSE9vxsvgIWyEjArZArbMRcFeYmnlA/jxv0fAnzjFOB5u7pcgdzIYzQ6YE+hExH
cZSf6egSSWl87sUQyRm5IljH+usevG26KbP2eHcLKd1ZFwitRt0LIN46iIxNORR2
LJgYda0rB40=
=6Iac
-----END PGP SIGNATURE-----
-----Multi-Part-Message-Level-1-1-7656
Content-Type: text/plain; charset="us-ascii"
Colin Robbins
Senior Technical Consultant
NEXOR Phone: +44 115 952 0583
PO Box 132 Fax: +44 115 952 0519
Nottingham email: C.Robbins@nexor.co.uk
NG7 2UU X.400: I=C;S=Robbins;o=NEXOR;P=NEXOR;A=ATTMAIL;c=GB
UK X.500: Colin Robbins, staff, NEXOR Ltd, GB
WWW: http://web.nexor.co.uk/users/cjr/cjr.html
-----Multi-Part-Message-Level-1-1-7656--
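
Added example, not part of the original message: a sketch of why a signature carried inside a single body part can survive a converting gateway while a detached signature over the MIME entity (the multipart/signed style used by S/MIME and MOSS) does not. The gateway function, key, sample entity and the use of HMAC in place of a real signature are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import quopri

KEY = b"constructed-demo-key"  # assumption: stands in for the sender's key

def tag(data: bytes) -> str:
    """HMAC-SHA256 as a stand-in for a real PGP or S/MIME signature."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def split_entity(entity: bytes):
    """Split a MIME entity into a header dict and its encoded body."""
    head, _, body = entity.partition(b"\r\n\r\n")
    headers = dict(line.split(b": ", 1) for line in head.split(b"\r\n"))
    return headers, body

def content_of(entity: bytes) -> bytes:
    """Undo the transfer encoding to recover the content the user wrote."""
    headers, body = split_entity(entity)
    cte = headers.get(b"Content-Transfer-Encoding", b"7bit").lower()
    if cte == b"quoted-printable":
        return quopri.decodestring(body)
    if cte == b"base64":
        return base64.b64decode(body)
    return body

def gateway(entity: bytes) -> bytes:
    """Hypothetical converting gateway: same content, re-encoded as base64."""
    headers, _ = split_entity(entity)
    headers[b"Content-Transfer-Encoding"] = b"base64"
    head = b"\r\n".join(k + b": " + v for k, v in headers.items())
    return head + b"\r\n\r\n" + base64.b64encode(content_of(entity))

def verify_after_gateway(entity: bytes):
    """Return (content-scoped tag still valid, entity-scoped tag still valid)."""
    content_tag = tag(content_of(entity))  # signature scoped to the content
    entity_tag = tag(entity)               # detached signature over the entity
    relayed = gateway(entity)
    return (hmac.compare_digest(tag(content_of(relayed)), content_tag),
            hmac.compare_digest(tag(relayed), entity_tag))

# Constructed sample entity (not taken from the message above).
SAMPLE = (b"Content-Type: text/plain; charset=iso-8859-1\r\n"
          b"Content-Transfer-Encoding: quoted-printable\r\n\r\n"
          b"Caf=E9 order =3D 2 units")

if __name__ == "__main__":
    print(verify_after_gateway(SAMPLE))
```

The gateway leaves the content byte-for-byte identical, so the content-scoped check passes, but the rewritten header and re-encoded body change the entity bytes that a detached signature covers.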