Adam wrote:
Which is too bad. If NAI-PGP went away completely, then compatibility problems would be reduced. I also expect that the German government group currently funding GPG would be more willing to fund UI work for windows.
Tell me about it. PGP, GPG, and all its variants need to die before S/MIME will be able to break into the Open Source community, thus removing the last, but persistent, block to an instant increase in number of potential users of secure email by several orders of magnitude.

Here's to hoping,
--Lucky
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
| Adam wrote:
| > Which is too bad. If NAI-PGP went away completely, then
| > compatibility problems would be reduced. I also expect that
| > the German government group currently funding GPG would be
| > more willing to fund UI work for windows.
|
| Tell me about it. PGP, GPG, and all its variants need to die before
| S/MIME will be able to break into the Open Source community, thus
| removing the last, but persistent, block to an instant increase in
| number of potential users of secure email by several orders of
| magnitude.

Are you claiming that S/mime no longer has the enormous compatibility problems it used to have? Is there any Open source implementation of the protocol?

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
At 10:34 AM -0400 5/23/02, Adam Shostack wrote:
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
| Adam wrote:
| > Which is too bad. If NAI-PGP went away completely, then
| > compatibility problems would be reduced. I also expect that
| > the German government group currently funding GPG would be
| > more willing to fund UI work for windows.
|
| Tell me about it. PGP, GPG, and all its variants need to die before
| S/MIME will be able to break into the Open Source community, thus
| removing the last, but persistent, block to an instant increase in
| number of potential users of secure email by several orders of
| magnitude.

Are you claiming that S/mime no longer has the enormous compatibility problems it used to have?
Is there any Open source implementation of the protocol?
Try <http://www.imc.org/imc-sfl/index.html>. For some definitions of open source, it qualifies.

--
-- Marshall

Marshall Clow Idio Software <mailto:marshall@idio.com>

My name is Bobba Fett. You killed my father, prepare to die!
On Thu, 23 May 2002 10:34:22 -0400, Adam Shostack said:
Is there any Open source implementation of the protocol?
Well, there is a Free Software implementation called NewPG which provides a backend called gpgsm - very similar to gpg. It is currently under development but we already exchanged encrypted messages with proprietary implementations. This backend will eventually be included with gpg. It does not yet work for Windows but making it work won't be very difficult.

Like gpg, gpgsm does not handle the MIME encapsulation because this is something a MUA can handle much better. We have support for KMail and Mutt in the works and adding it to Sylpheed will be easy.

See: http://www.gnupg.org/aegypten/

I don't suggest using S/MIME; however in some domains (law conforming digital signatures) there is currently no alternative for it.

Salam-Shalom,
Werner
-- On 23 May 2002 at 0:24, Lucky Green wrote:
Tell me about it. PGP, GPG, and all its variants need to die before S/MIME will be able to break into the Open Source community, thus removing the last, but persistent, block to an instant increase in number of potential users of secure email by several orders of magnitude.
My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on verisign or equivalent.

I have been the verisign administrator at several companies, and there is no way that bird will fly. The verisign system is just barely tolerable for identifying authorized web sites and software. For identifying individuals, forget it.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG CXACCdVytBDJ5TDVZ2+IV9xP4c3QRpRxP+JoLBdL 4w44ULlzkb4jKH9nuzpy/Mlxl8CctM+OYZoZEhO8H
On Fri, May 24, 2002 at 11:17:08AM -0700, jamesd@echeque.com wrote:
-- On 23 May 2002 at 0:24, Lucky Green wrote:
Tell me about it. PGP, GPG, and all its variants need to die before S/MIME will be able to break into the Open Source community, thus removing the last, but persistent, block to an instant increase in number of potential users of secure email by several orders of magnitude.
My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on verisign or equivalent.
It uses X.509, which is supposed to be a hierarchical certificate system. Verisign is just the dominant X.509 CA. But as others have pointed out, it's possible to become one's own X.509 CA and issue oneself certs. Netscape and IE browsers will accept certs from completely made up CAs. You might have to click on a few "do you really want to do this" dialog boxes but that's it. All you need is a copy of OpenSSL and directions off a web site.

Additionally, there is nothing that prevents one from issuing certs that can be used to sign other certs. Sure, there are key usage bits etc but it's possible to ignore them.

It should be possible to create a PGP style web of trust using X.509 certs, given an appropriate set of cert extensions. If Peter can put a .gif of his cat in an X.509 cert there's no reason someone couldn't represent a web of trust in it.

Each user would self-sign their cert. Or self-sign a CA cert and use that to sign a cert, same thing. Trust would be indicated by (signed) cert extensions that indicate "I trust Joe Blow X amount as a signer of keys". Each time you added a trust extension you would generate a new cert using the same key. Each trust extension would indicate the entity, their key id (hash of public key), and the degree of trust. When you added a trust extension you'd give a copy of the new cert to the entity you just added. They can then append these certs onto their cert when they authenticate to someone.

When authenticating, you verify the other guy's cert, something he signed with his private key, then all the other people's certs that he sends in addition to his own, all of which attest to his trustworthiness. Ideally, you also trust some of the same people, so you now have their signed "statements" attesting to a degree of trust in the new guy.

[note, there's probably a conceptual flaw in this since I'm loopy from allergy drugs today and probably not thinking as clearly as I think I am, so be polite when you point out my error. In any case, the point is that it's possible to do a web of trust in x.509, not that I have a fully formed scheme for implementing it]

Since all this is in X.509, S/MIME MTAs accept it (unless they are programmed to not accept self-signed CAs, in which case your MTA is a slave to Verisign et al.). You'd need an external program to verify the web of trust, but that's about it.

And to be honest, exactly zero of the PGP exchanges I have had have actually used the web of trust to really verify a PGP key. I've only done it in testing. In the real world, I either verify out of band (i.e. over the phone) or don't bother if the other party is too clueless to understand what I want to do and getting them to do PGP at all has already exhausted my patience.

But why bother? Even if I could do this X.509 web of trust tomorrow, no one besides a few crypto-geeks would use it. People just don't give a shit about other people reading their email. Most people can't even be bothered to use a decent password or shred their credit-card statements. Only criminals have anything to hide, right?

-- Eric
On Fri, May 24, 2002 at 04:40:36PM -0700, Eric Murray wrote:
Additionally, there is nothing that prevents one from issuing certs that can be used to sign other certs. Sure, there are key usage bits etc but it's possible to ignore them.
The S/MIME aware MUAs do not ignore the trust delegation bit. Therefore you can not usefully sign other certs with a user grade certificate from verisign et al. If you make your own CA key (with the trust delegation bit set) and self-sign it, S/MIME aware MUAs will also flag signatures made with it as invalid signatures because your self-signed "CA" key is not signed by a CA in the default trusted CA key database.
It should be possible to create a PGP style web of trust using X.509 certs, given an appropriate set of cert extensions. If Peter can put a .gif of his cat in an X.509 cert there's no reason someone couldn't represent a web of trust in it.
While it is true that you can extend X.509v3 I don't see how useful it would be to add a WoT extension until it got widely deployed. Recipient MUAs will at best ignore your extensions, and worse will fail on them until support for such an extension is deployed.

I view the chances of such an extension getting deployed as close to nil. The S/MIME MUA / PKI library / CA cartel has a financial incentive to not deploy it -- as they view it as competition to the CAs' business.

Adam
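The two rejections described in the message above can be reproduced with OpenSSL's own chain verifier standing in for an S/MIME-aware MUA. This is an added example, not part of any poster's message; the names root, vendor, alice and bob and the file ext.cnf are constructed for the illustration, and "vendor" stands in for the default trusted CA database.

```shell
#!/bin/sh
# Added illustration. root, vendor, alice, bob and ext.cnf are constructed names.

# mk NAME SIGNER SECTION: new key and cert for NAME, signed by SIGNER
# (self-signed when SIGNER is NAME), extensions taken from ext.cnf [SECTION].
mk() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" 2>/dev/null || return 1
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
      -extfile ext.cnf -extensions "$3" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
      -days 1 -extfile ext.cnf -extensions "$3" -out "$1.pem" 2>/dev/null
  fi
}

# check LABEL ARGS...: run `openssl verify ARGS` and print LABEL=accepted|rejected.
check() {
  label=$1; shift
  if openssl verify "$@" >/dev/null 2>&1; then echo "$label=accepted"
  else echo "$label=rejected"; fi
}

run_demo() (
  dir=$(mktemp -d) || exit 1
  trap 'rm -rf "$dir"' EXIT
  cd "$dir" || exit 1
  printf '%s\n' '[ca]' 'basicConstraints=critical,CA:TRUE' \
                '[user]' 'basicConstraints=critical,CA:FALSE' > ext.cnf
  mk root root ca        # home-made self-signed CA
  mk vendor vendor ca    # stands in for a CA in the MUA's default database
  mk alice root user     # user-grade cert: delegation bit not set
  mk bob alice user      # alice signs bob's cert anyway; issuing is not blocked
  # Recipient has explicitly added the home-made root to its trust store.
  check root_trusted -CAfile root.pem alice.pem
  # Recipient only trusts the default database: no path to a trusted root.
  check root_not_in_store -CAfile vendor.pem alice.pem
  # Chain root -> alice -> bob: alice is not a CA, so the verifier refuses it.
  check user_cert_as_ca -CAfile root.pem -untrusted alice.pem bob.pem
)

run_demo
```

Issuing bob's certificate with alice's key succeeds; the rejection happens only at the relying party, which is where both checks are enforced.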
-- Having been the verisign guy at a couple of companies, it appears to me that the administrative costs of both models are unacceptably high.

The hierarchical verisign model is useful when one wishes to verify that something comes from a famous and well known name -- that this software really is issued by Flash, that this website really does belong to the Bank of America. In this case, however, only famous and well known names need their keys from verisign. No one else needs one.

When one wishes to know one is really communicating with Bob, it is best to use the same channels to verify this is Bob's key, as one used to verify that Bob is the guy one wishes to talk to. The web of trust, and Verisign, merely get in the way.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG xkCkA0o8/Z61jfLQ1GxttqqvOUL5cRcKXhnoSRp2 4530ol1PGEfGac3Gmk2JosCmoRLyj96HAEp0EUGLT
(in response to a topic mentioned in various threads)

I agree that neither CA-verification nor WoT-verification is as useful as Key Fingerprint-verification for secure communication between crypto-aware individuals. After all, CAs can be subverted and WoT is probably best used as a back-up option when direct key verification is not possible.

Key Fingerprints can be verified in both PGP and S/MIME, but neither system enforces it. I would prefer for Key Fingerprint-verification to be more central to the system.

--- jamesd@echeque.com wrote: ...
The hierarchical verisign model is useful when one wishes to verify that something comes from a famous and well known name -- that this software really is issued by Flash, that this website really does belong to the Bank of America. In this case, however, only famous and well known names need their keys from verisign. No one else needs one.

When one wishes to know one is really communicating with Bob, it is best to use the same channels to verify this is Bob's key, as one used to verify that Bob is the guy one wishes to talk to. The web of trust, and Verisign, merely get in the way. ...
--- Eric Murray <ericm@lne.com> wrote: ...
And to be honest, exactly zero of the PGP exchanges I have had have actually used the web of trust to really verify a PGP key. I've only done it in testing. In the real world, I either verify out of band (i.e. over the phone) or don't bother if the other party is too clueless to understand what I want to do and getting them to do PGP at all has already exhausted my patience. ...
participants (8)
- Adam Back
- Adam Shostack
- Curt Smith
- Eric Murray
- jamesd@echeque.com
- Lucky Green
- Marshall Clow
- Werner Koch