Clarifying controversial criteria

Raph Levien (raph@c2.org)
Tue, 12 Mar 1996 13:04:54 -0800 (PST)

   Thanks to everyone who has commented on my proposed criteria. The fact 
that there is this much controversy is a sign that the criteria were too 
ambiguous and need clarifying. I appreciate having this pointed out.

   After thinking it over a bit, I believe that the best way to get around 
the ambiguity is to define them in terms of implementations. Thus, I'd 
like to withdraw the previous criteria definitions and replace them with 
the following:

Interoperability

There exists some algorithm set contained in all implementations of the 
protocol.

Secure Interoperability

There exists some algorithm set which is both contained in all
implementations of the protocol and is considered secure by modern
cryptographic practice, as exemplified in part by the BSA recommendations
on minimum keylength. 

Exportability

There exists an implementation of the protocol which can be exported 
legally from the United States.


   Given these definitions, this matrix follows naturally:

                     PGP  MOSS  PGP/MIME  S/MIME  MSP
      Interoperable   +   ?(1)     +        +
      Secure Int      +            +
      Exportable                            +      +

?(1) = I'm guessing that this should be blank, based on the assumption 
that the MOSS + Fortezza implementation does not also implement RSA + 
DES. Please correct me if I am wrong.

PGP and PGP/MIME get +, +, blank because 2048 bit RSA + 128 bit IDEA is 
secure, and is contained in all PGP implementations.

S/MIME gets +, blank, + because 40 bit RC2 is required by the spec to be 
present in all S/MIME implementations, but it is not secure. RSA + 
Triple-DES is secure, but absent in some implementations.

MSP gets blank, blank, + because there are at least two non-interoperating
implementations of MSP: one with Fortezza and one with RSA + DES. The 
Fortezza implementation is exportable.

   I believe that the criteria capture aspects of the protocols that are 
extremely important to end users. Specifically, two MSP users have no 
guarantee of being able to communicate. Two S/MIME users do have a 
guarantee, but it is likely that the communication will not be secure, 
particularly when either of the two parties has an export version of the 
email client. PGP users are guaranteed both interoperability and security 
(modulo other security problems in the implementation, etc.).

   I concede that by defining the criteria in terms of implementations, I 
may not be describing inherent qualities in the protocol, and may have 
even captured marketing distinctions as opposed to technical ones. Even 
so, I argue that the distinctions are important to users.

Raph
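
The three definitions above reduce to set operations over implementations. The sketch below is an added example, not part of the original message; it recomputes the PGP, S/MIME and MSP columns of the matrix. The implementation labels, suite strings and per-implementation export flags are constructed for illustration from the descriptions in the post.

```python
from dataclasses import dataclass
from functools import reduce

# Suites the post explicitly calls secure. Others are treated as
# "not known secure" here (assumption of this sketch).
SECURE = {"RSA-2048+IDEA-128", "RSA+3DES"}

@dataclass(frozen=True)
class Impl:
    name: str          # constructed label
    suites: frozenset  # algorithm sets this implementation contains
    exportable: bool   # can be exported legally from the United States

def common_suites(impls):
    """Algorithm sets contained in ALL implementations of a protocol."""
    return reduce(frozenset.__and__, (i.suites for i in impls))

def evaluate(impls):
    common = common_suites(impls)
    return {
        "interoperable": bool(common),            # some common set exists
        "secure_interop": bool(common & SECURE),  # ...and one is secure
        "exportable": any(i.exportable for i in impls),
    }

# Constructed implementation lists matching the post's descriptions.
PROTOCOLS = {
    "PGP": [
        Impl("pgp-a", frozenset({"RSA-2048+IDEA-128"}), False),
        Impl("pgp-b", frozenset({"RSA-2048+IDEA-128"}), False),
    ],
    "S/MIME": [
        Impl("smime-domestic", frozenset({"RC2-40", "RSA+3DES"}), False),
        Impl("smime-export", frozenset({"RC2-40"}), True),
    ],
    "MSP": [
        Impl("msp-fortezza", frozenset({"Fortezza"}), True),
        # Export status of this one is not stated in the post (assumed False).
        Impl("msp-rsa-des", frozenset({"RSA+DES"}), False),
    ],
}

if __name__ == "__main__":
    for proto, impls in PROTOCOLS.items():
        marks = ["+" if v else " " for v in evaluate(impls).values()]
        print(f"{proto:8s} " + "  ".join(marks))
```

For S/MIME the only common suite is 40-bit RC2, so the protocol is interoperable but not securely so. For MSP the intersection is empty, so neither interoperability criterion holds regardless of how Fortezza or RSA + DES would be classified.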