Re: Comments on IETF-EDIINT security decision matrix
Raph Levien (raph@cs.berkeley.edu)
Wed, 05 Jun 1996 09:01:43 -0400
Dave Darnell wrote:
> I really appreciate your feedback -- excellent info!
Thanks!
> In fact, Rik and I were talking on the phone about some of this just this
> morning.
>
> Your item 5. is especially helpful in that I suspected the same of the
> S/MIME spec:
>
> >5. Section 26 (adequate security for EDI purposes) has
> >S/MIME and MOSS reversed. MOSS does _not_ have the problem
> >that encrypted-only and encrypted-and-signed messages can be
> >distinguished. S/MIME is the one that has that problem. In
> >fact, the problem is quite a bit worse: it is possible to
> >determine the identity of the signatories in S/MIME
> >encrypted-and-signed messages. This could be a serious
> >problem for EDI applications.
> >
>
> I agree - IMHO - THIS IS A SERIOUS PROBLEM FOR EDI APPLICATIONS!
Good. If there is widespread agreement on this point, then there is a
good chance that the S/MIME people will make the necessary changes to
fix it.
> Please clear up something for me:
>
> I thought PEM had this problem also. Was this fixed in the MOSS spec?
Yes and yes. In fact, compatibility with PEM is one of the major
reasons why S/MIME has the problem. S/MIME is based on PKCS #7, which in
turn was designed to be "cryptographically compatible" with PEM, at
least for the signed and signed-and-encrypted message formats (PEM did
not include an encrypted-only message format).
This was one of the technical points that the MOSS people set out to
fix. Overall, the MOSS people did an excellent job in fixing the various
technical problems of PEM, especially the message formats, but,
unfortunately, there is a lot more work that needed to be done in order
to make a complete encryption system work, and it just didn't happen
with MOSS.
> Is my information wrong about PEM?
No. Your information is correct.
> Appreciate any further comments you can contribute.
Glad if I can help make things clearer.
Raph