ratak (Jason E.J. Manaigre) wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit
To: jubois@netcom.com, cypherpunks@toad.com Date: Wed Oct 09 10:19:39 1996 t:
- S/MIME and PGP are the two leading candidates for encrypting EDI messages, S/MIME inside the US, and PGP outside the US where S/MIME is unavailable.
How far along has S/Mime come now, can they offer the same key sizes as PGP...?
S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0, although I'm not sure this is going to make it into any marketing materials) had a couple of cryptographic problems compared with PGP. Those problems have been fixed in version 2.0, which is expected shortly (as an internet draft). S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough to use the export version. RSA key sizes up to 2048 bits are supported, as are a number of alternate symmetric algorithms. In addition, digital signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is half broken anyway. In the meantime, Deming software is shipping a slick Windows implementation of S/MIME, which integrates nicely with Eudora. Netscape is expected to ship cross-platform S/MIME capability in version 4.0 of Navigator (their original publicity materials were only off by a factor of two ;-), and that will make a huge dent in the market. In sum, S/MIME leaves PGP in the dust, both techically and as a market force. There's still a lot of sentiment that PGP is one of "ours" and S/MIME is one of theirs, but at this point it's the latter that has the most promise of bringing encrypted e-mail to the masses. If only X.509 weren't so darned ugly :-) Raph