At 12:54 PM 7/23/95, Bob Snyder wrote:
tcmay@sensemedia.net said:
With regard to SSL and Netscape not being open to outside developers, several leading e-mail outfits, including Qualcomm, Netscape, Frontier, etc., are working on an interoperable secure e-mail standard called "Secure/MIME," or "S/MIME."
Do you have sources for this information? MOSS is out there at least as a Internet Draft, and possibly further along, and Steve Dorner of Qualcomm, the original author of Eudora, is pretty active in the MIME community and I doubt he would support a second MIME type to do the same thing...
Some of you have expressed skepticism about the mention of "S/MIME." The longterm significance of S/MIME is debatable, of course. But here's the press release I got from Jim Bidzos: Date: Wed, 19 Jul 95 10:34:04 PDT From: jim@RSA.COM (Jim Bidzos) To: tcmay@sensemedia.net Subject: Integrating RSA into Netscape (Netnews and Mail) FYI... RSA News Release For information, contact: Patrick Corman or Lisa Croel Corman/Croel Marketing & Communications (415) 326-9648 or (415) 326-0487 Corman@cerf.net or Lcroel@mediacity.com Major Networking and Messaging Vendors Endorse Open Specification for Secure E-Mail S/MIME Based on RSA Public-Key Encryption Technology Redwood Shores, CA -- July 24, 1995 -- Several major networking and messaging vendors, in conjunction with leading cryptography developer RSA Data Security today announced their endorsement of a specification for interoperable e-mail security, to be known as "S/MIME", short for "Secure/Multipurpose Internet Mail Extensions". Several of the vendors announced plans to release S/MIME-compliant products next quarter. The S/MIME specification is based on the popular Internet MIME standard (RFC 1521), which provides a general structure for the content type of Internet mail messages and allows extensions for new content type applications... like security. S/MIME will allow vendors to independently develop interoperable RSA-based security for their e-mail platforms, so that an S/MIME message composed and encrypted on one vendor's application can be successfully received and decrypted on a different one. Major vendors who today announced support for the S/MIME secure interoperable e-mail plan include Microsoft, Lotus, Banyan, ConnectSoft, QUALCOMM, Frontier Technologies, Network Computing Devices, FTP Software, VeriSign, Wollongong, SecureWare and RSA. Sophisticated encryption and authentication technology has been viewed as the crucial enabling technology for electronic commerce over the World Wide Web -- but encryption has been slow to come to e-mail, with most packages offering no security whatsoever. "Commercial e-mail packages don't offer encryption because, up until now, there have been few open security specifications," said Jim Bidzos, RSA President. "Internet Privacy-Enhanced Mail (PEM) is excellent for text-based messages. MIME represents the next generation, and has been widely adopted because of its ability to handle nearly any content type. The new S/MIME allows you to secure this rich content." Today's flurry of official endorsements from industry bodes well for the S/MIME plan. "We fully expect S/MIME to be the defacto standard for vendor-independent e-mail encryption. Solid encryption is something that our customers have been asking us for, but up until now, we didn't have a viable option. S/MIME gives them everything they want: RSA encryption, digital signatures, and the ability to mix different vendors' e-mail systems without losing that security," said Bob Dickinson, ConnectSoft Vice President and General Manager Consumer Online Products & Services Division. "Frontier Technologies believes that in the future most companies will routinely encrypt electronic mail messages sent over the public Internet," said Dr. Prakash Ambegaonkar, Frontier Technologies' president. "This will only happen once there is a well-understood standard for secure e-mail that is easy to implement. Frontier has several years experience in developing secure e-mail solutions. In order to speed the adoption of the S/MIME specification, Frontier Technologies intends not only to be one of the first vendors to support S/MIME in its networking software, but to also make our initial implementation of the S/MIME protocol freely available for other vendors to use as a reference." "The freedom to have a private conversation is fundamental to personal communication that is the essence of electronic mail," said John Noerenberg, Director of Engineering for QUEST products at QUALCOMM. "Wide-spread acceptance of specs like S/MIME make it possible for individuals and organizations alike to conduct their business over the net secure in the knowledge that their private business is, in fact, private." "FTP Software is glad to endorse the S/MIME blueprint for secure electronic communication," said John O'Hara, director of development for FTP Software. "Whether communicating with customers, business partners or remote offices, companies need to ensure that confidential information stays confidential. This was difficult in the past, since organizations are connected through diverse messaging systems from competing vendors. S/MIME eliminates those barriers by facilitating implementations across multiple vendor products." "Network Computing Devices is commited to answering market demand for network information access software providing an even higher level of protection and interoperability over LANs and across the Internet," said Mike Harrigan, co-founder and vice president of NCD. "S/MIME will further enhance our customers' ability to utilize our e-mail solution, Z-Mail, and Internet navigation software tool, Mariner, in such a secure networked environment. For this reason we fully intend to support the specification provided by S/MIME within the next quarter." This wll be an exciting catalyst for the rapid deployment of secure, interoperable e-mail from most of the industry leaders," said Web Augustine, VeriSign vice president of marketing & business development. "VeriSign is committed to making our Digital ID services available to all companies that implement S/MIME and desire to work with a trusted third-party to certify public keys for their end-users." S/MIME is based on the intervendor PKCS (Public Key Cryptography Standards) which were established by a consortium of RSA, Microsoft, Lotus, Apple, Novell, Digital, Sun and the Massachusetts Institute of Technology in 1991. PKCS is the most widely implemented suite of commercial cryptographic standards in the United States. The common PKCS specifications allow developers to independently develop secure applications that will interoperate with other PKCS-secured applications. Developers interested in S/MIME can get more information at RSA's web site, at http://www.rsa.com, in the "What's New" section. RSA Data Security is the world's "brand name" for cryptography, with over 10 million copies of RSA encryption and authentication technologies installed and in use worldwide. RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, CCITT, ISO, ANSI, IEEE, and business, financial and electronic commerce networks around the globe. The Company develops and markets platform-independent developer's kits, end-user products, and provides comprehensive cryptographic consulting services. Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the company is headquartered in Redwood City, California. S/MIME Vendor Contacts: Connectsoft Tamese Robinson 206/450-9965 Frontier Dennis Freeman 414/241-4555 FTP Software Jill Dudka 508/659-6458 Qualcomm John Noerenberg 619/597-5103 Microsoft Tom Johnston 206/936-3233 Lotus Kevin Kosh 617/860-5632 Wollongong Bob Brodie 415/962-7203 Banyan Jay Seaton 508/898-1000 NCD Mike Harrigan 415/694-0663 SecureWare David Luther 404315-6295 VeriSign Web Augustine 415/508-1151 ### RSA Public Key Cryptosystem and PKCS are trademarks of RSA Data Security, Inc. All other product or company names are trademarks of their respective corporations.