Netscape Mail Security and PGP Plugins
There hasn't been a lot of discussion on this list about the future of secure e-mail via Netscape. The most i've seen has come from Raph Levien on the standards battle between S/Mime and other various implementations including one using PGP. Raph has said at various Cypherpunks meetings now that( and not wanting to totally put words in his mouth) the PGP based implementations have lost ground to S/MIME. The reason I believe that this whole area has received so little quarter on the list is that either few people use Netscape for e-mail and that few people actually send encrypted e-mail. I'm going to try and put together a compendium of web links on this so it's a little easier to track the developments and various schemes. At the second to last Cypherpunks Bay Area meeting we had a discussion of crypto GUI's. It's my opinion that Netscape would be an excellent place to start because it does encryption relatively seemlessly. Incorporating S/MIME into the mail would be a great step forward in bringing easy crypto to the general community. Any PGP plugin I would hope eleviate the many UI problems PGP has. A couple of questions I have right off the bat are; 1. In Hal's Java mail encryptor, what are the legal aspects of sending code across that contains crypto? 2. Can any plugin access the Netscape Mail program. 3. When is S/MIME going to be in Netscape, I tried to find info on the web site but thier statements about S/MIME seem vague. I hope I'm not running over old ground, but this has to be alot more intresting than discussing that PBS show! Greg Kucharo sophi@best.com
Greg Kucharo wrote:
There hasn't been a lot of discussion on this list about the future of secure e-mail via Netscape. The most i've seen has come from Raph Levien on the standards battle between S/Mime and other various implementations including one using PGP. Raph has said at various Cypherpunks meetings now that( and not wanting to totally put words in his mouth) the PGP based implementations have lost ground to S/MIME.
I certainly believe this - PGP now has the first real challenge to its continued viability. I would like to emphasize (at the risk of repeating myself) that it now looks quite possible that the limitations of S/MIME that I discussed at the next-to-last cpunks meeting will be addressed. It hasn't been formally decided, though. I'd say this is an important opportunity for cypherpunks to make themselves heard. S/MIME as it is currently defined has severe implementation weaknesses. There are two concrete proposals on the table to fix these problems - lobbying the S/MIME people will help.
The reason I believe that this whole area has received so little quarter on the list is that either few people use Netscape for e-mail and that few people actually send encrypted e-mail.
Undoubtedly a combination of both.
I'm going to try and put together a compendium of web links on this so it's a little easier to track the developments and various schemes. At the second to last Cypherpunks Bay Area meeting we had a discussion of crypto GUI's. It's my opinion that Netscape would be an excellent place to start because it does encryption relatively seemlessly. Incorporating S/MIME into the mail would be a great step forward in bringing easy crypto to the general community. Any PGP plugin I would hope eleviate the many UI problems PGP has. A couple of questions I have right off the bat are;
1. In Hal's Java mail encryptor, what are the legal aspects of sending code across that contains crypto?
Almost undoubtedly still illegal, unless Pro-CODE passes.
2. Can any plugin access the Netscape Mail program.
No. As currently defined, the Netscape API does not export mail.
3. When is S/MIME going to be in Netscape, I tried to find info on the web site but thier statements about S/MIME seem vague.
I hear conflicting reports on this myself, but my best guess would be some time this fall - probably just a month or two before PGP 3.0 ships ;-)
I hope I'm not running over old ground, but this has to be alot more intresting than discussing that PBS show!
Agreed. Raph
At 10:01 PM -0700 6/15/96, Greg Kucharo wrote:
There hasn't been a lot of discussion on this list about the future of secure e-mail via Netscape. The most i've seen has come from
Folks might also want to look at the notes and discussion that took place, surrounding the February workshop put on by the Internet Mail Consortium. Check out the appropriate links under <http://www.imc.org>. This, of course, has nothing specific to netscape since it's browser appears as nothing more than one more Internet mail user agent. d/ -------------------- Dave Crocker +1 408 246 8253 Brandenburg Consulting fax: +1 408 249 6205 675 Spruce Dr. dcrocker@brandenburg.com Sunnyvale CA 94086 USA http://www.brandenburg.com Internet Mail Consortium http://www.imc.org, info@imc.org
participants (3)
-
Dave Crocker -
Greg Kucharo -
Raph Levien