Re: the 8-bit dilemma

Barton E. Schaefer (schaefer@z-code.ncd.com)
Mon, 26 Feb 1996 17:24:20 -0800

On Feb 26,  3:29pm, Michael Elkins wrote:
} Subject: the 8-bit dilemma
}
} I would argue that "object-based" security is not the right approach for
} what we are attempting to accomplish.  I see that as a more specific
} application that should be defined elsewhere (I can see that it would be
} useful for some applications).  However, e-mail (and even http) are very
} much transport oriented, and "message-based" security seems much more
} appropriate.

I agree with this assessment, but I wonder to what degree the average
user would be able to understand the distinction.  The line is further
blurred because of the increasing tendency to treat email as merely a
component of a larger object-transfer system; witness MS Exchange and
Lotus Notes, neither of which restricts the contents of a "mailbox"
to objects of type "email message".  These kinds of systems strongly
prefer an object-based model (for any sort of processing, not just
security) within their semi-closed universes, and only interoperate
with conventional Internet mail if it's possible to convert an object
into a message.  

This almost amounts to taking all the problems that have been discussed
in relation to gateways, and moving them down to the user agent.  The
main difference is that a *sending* user agent presumably has access to
the tools necessary to convert to the approach most appropriate for the
transport.  A *receiving* UA can do something sensible in either case,
but still can't convert between them any more than could a gateway.

(That last turns out to be little more than a restatement of a lot of
the issues raised by the IMAP constituency.)

It seems to me that digital signatures are more likely to be applicable
in the "message-based" context than is encryption.  It doesn't matter
much whether you're encrypting a "raw" object or a MIME encapsulation
of an object, except insofar as you want to hide the type of the data.
Either way you can view the encrypted thing as an object (rather than
as a message).  You're just told a bit more about it in one case.  For
a signature, on the other hand, it's important both to be able to act
on the type (or sender) information in the MIME (or 822) encapsulation
and to know that the type information is authentic.

Perhaps this is why we relatively easily agreed upon multipart/signed,
but left multipart/encrypted dangling.

Should we, therefore, be concentrating on message-based signatures but
object-based encryption?  And when the desire is to first sign and then
encrypt, as in the secure-mailing-list-exploder example, the encryption
rules should apply?  (Perhaps with the restriction or strong suggestion
that the object to be encrypted should be a signed MIME encapsulation.)

-- 
Bart Schaefer                     Vice President, Technology, Z-Code Software
schaefer@z-code.com                  Division of NCD Software Corporation
http://www.well.com/www/barts
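
The distinction drawn in the message above, between signing a raw object and signing its MIME encapsulation, shown as an added example that is not part of the original post. HMAC-SHA256 stands in for a digital signature, and the key, payload and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key


def canonical_entity(content_type: str, payload: bytes) -> bytes:
    """Serialise a MIME body part (headers, blank line, body) with CRLF endings."""
    body = base64.encodebytes(payload).replace(b"\n", b"\r\n")
    headers = (
        f"Content-Type: {content_type}\r\n"
        "Content-Transfer-Encoding: base64\r\n"
    ).encode("ascii")
    return headers + b"\r\n" + body


def tag(data: bytes) -> bytes:
    """Stand-in for a signature: HMAC-SHA256 over the given bytes."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify_object(payload: bytes, sig: bytes) -> bool:
    """Object-based: the signature covers only the raw payload."""
    return hmac.compare_digest(tag(payload), sig)


def verify_message(content_type: str, payload: bytes, sig: bytes) -> bool:
    """Message-based: the signature covers the type headers and the payload."""
    return hmac.compare_digest(tag(canonical_entity(content_type, payload)), sig)


def relabel_demo() -> dict:
    """Sign as text/plain, then verify after the type label has been changed."""
    payload = b"%!PS-Adobe-3.0\n(hello) show\n"   # constructed sample object
    sent_type = "text/plain"
    received_type = "application/postscript"      # label altered after signing
    object_sig = tag(payload)
    message_sig = tag(canonical_entity(sent_type, payload))
    return {
        "object_sig_accepts_relabel": verify_object(payload, object_sig),
        "message_sig_accepts_relabel": verify_message(received_type, payload, message_sig),
        "message_sig_accepts_original": verify_message(sent_type, payload, message_sig),
    }


if __name__ == "__main__":
    for check, accepted in relabel_demo().items():
        print(f"{check}: {accepted}")
```

The object-based check still passes after the relabel because the type was never covered; the message-based check fails, so a receiver acting on the type information knows whether it is authentic.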