Re: Conference report - resolving security workshop
At 04:55 PM 2/22/96 -0800, Raph Levien <raph@c2.org> wrote:
The biggest problem with S/MIME is that the signed and encrypted format reveals who made the signatures. Obviously, this has severe consequences for anonymous mail. Believe it or not, a lot of people care. For example, the car manufacturers do not wish to broadcast the email addresses of their employees over the net. One technical workaround is to do it the MOSS way - first, sign the message, resulting in an intermediate S/MIME message, then encrypt that into a second S/MIME message. I'd recommend that implementors make provisions for such recursive formats; I think it's likely that we'll see a lot of these on the Net.
Recursive-capable formats are clearly the way to go; the difficult problem is deciding how many layers of recursion to do while decoding (e.g. all the way down, or one layer at a time asking the user for each round), which is largely a user-interface issue rather than a platform issue, though it also lets you build limited-purpose tools instead of an all-singing, all-dancing camel of a platform. Unfortunately, the formats being considered give you too much known plaintext to make triple-encryption a useful way around the 40-bit-key silliness. */MIME has MIME headers, PGP has the (expendable but present) ------BEGIN. A new MIME header like X: parameters where parameters are ignored would limit you to three bytes of known plaintext, which is at least a start.
The prevailing philosophy of the PGP people is that the PGP application itself should not decode MIME formats - that should be the job of a separate application. It seems to me that this is going against the tradition, though. In the past, if you got a PGP message, you just ran it through PGP. Now you won't be able to do that.
The prevailing philosophy is also that we need to build an API toolkit so PGP components can be easily included into programs. This means that PGP will inherently no longer be able to decode all the PGP-based messages, which may have different layers of other material wrapped around them. PGP/MIME is probably one of the better excuses for doing so, as are improved keyring-handling applications.
Earlier, I mentioned that two and a half protocols survived the day. The remaining one is MSP. It's actually not a bad protocol.
Where can we find the new specs for MSP?
It was announced that there will be a free reference implementation of MSP, available to US citizens. Will it be GAK-enabled?
#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215
# http://www.idiom.com/~wcs Pager +1-408-787-1281
Raph Levien writes:
# Earlier, I mentioned that two and a half protocols survived the
# day. The remaining one is MSP. It's actually not a bad protocol.

It appears to have been designed by the NSA, so that's not surprising in some senses. The question is, I think, how much baggage does it bring that's not really relevant for civilian/commercial use? Debate about the use of sensitivity labels has recently resurfaced on the IPSEC list, although opinion seems to be running quite heavily in favor of implementing them (at the network layer) so far.

Bill Stewart writes:
Where can we find the new specs for MSP?
With some help from Howard Weiss of Sparta Secure Systems Eng. (in MD), I finally found an online version. It's in 5 parts, accessible from http://bbs.itsi.disa.mil:5580/T3563 (look for MIL-STD-2045-18500). The web site is set up so as to make it a major pain to cut-and-paste or easily remember the precise URLs. They're zipped WordPerfect files, so I can't read them. If someone constructs a copy in ASCII or PostScript or HTML or something, let me know.

According to http://www.itsi.disa.mil/dodiis/sec2-62.html, you can read about MSP in one of the Secure Data Network System (SDNS) Key Management Documents (NISTIR 90-4262). MSP is apparently (supposed to be) used in the DMS (Defense Message System). I think you can order hardcopy of such things from NIST.

I found an archive of old traffic from the pem-dev list about a "Preliminary" MSP at: http://www.eff.org/pub/Privacy/Security/Crypto_misc/dod_pmsp_sdns.standards

-Lewis
"Shit !" -Pres. Richard M. Nixon, 1973
participants (2): Bill Stewart, lmccarth@cs.umass.edu