Re: Last Call: MIME Security with Pretty Good Privacy (PGP) to Proposed Standard
Ned Freed <Ned.Freed@innosoft.com> Thu, 25 April 1996 23:36 UTC
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa29197; 25 Apr 96 19:36 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa29192; 25 Apr 96 19:36 EDT
Received: from ietf.cnri.reston.va.us by CNRI.Reston.VA.US id aa19623; 25 Apr 96 19:36 EDT
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa29169; 25 Apr 96 19:36 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa29108; 25 Apr 96 19:34 EDT
Received: from THOR.INNOSOFT.COM by CNRI.Reston.VA.US id aa19588; 25 Apr 96 19:34 EDT
Received: from INNOSOFT.COM by INNOSOFT.COM (PMDF V5.0-7 #8694) id <01I3YKSFQFO09AMM6D@INNOSOFT.COM>; Thu, 25 Apr 1996 16:33:28 -0700 (PDT)
Date: Thu, 25 Apr 1996 15:22:49 -0700
X-Orig-Sender: ietf-request@IETF.CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Ned Freed <Ned.Freed@innosoft.com>
Subject: Re: Last Call: MIME Security with Pretty Good Privacy (PGP) to Proposed Standard
In-reply-to: "Your message dated Thu, 25 Apr 1996 17:25:07 -0400" <9604252125.AA28304@dcl.MIT.EDU>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Ian Duncan <id@cc.mcgill.ca>, "Perry E. Metzger" <perry@piermont.com>, ietf@CNRI.Reston.VA.US
Message-id: <01I3YRBWQSBW9AMM6D@INNOSOFT.COM>
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET="US-ASCII"
Content-transfer-encoding: 7bit
References: <Pine.SOL.3.91.960425094911.4070C-100000@amaretto.cc.mcgill.ca>
Source-Info: From (or Sender) name not authenticated.
> But to expand slightly since you seem to have missed it, in essence the > protocol design significantly depricates the MIME/SIG-ENC foundation > in favour of the native PGP data structures which profoundly limits the > potential for use within the Internet message realm. This is fixable and > should be fixed. I don't believe that fundemental issues of this sort can > or should be repaired here inside the last call period. I disagree 100% with this assessment. The document as issue, draft-ietf-elkins-pem-pgp-03.txt, not only doesn't deprecate the MIME/SIG-ENC function (i.e. security multiparts), it embraces it to the maximum extent possible with present-day PGP. The draft characterizes the MIME/SIG-ENC functions as "elegant" and refers to itself as being modelled on the MOSS specification in its use of them. More specifically, for signed material, this document adopts RFC1848's approach of using RFC1847 mechansisms that split the data and signature. This is actually somewhat difficult for PGP to do but it is done anyway. As for encrypted material, while it would have been nice for PGP to use the split approach advocated by RFC1847, doing so means using an operating mode that PGP simply doesn't support at present, and in order for it to be useful PGP would also have to adopt a symmetric encryption mechanism that is shared with other services based on RFC1847. Changing this would necessitate substantial changes to PGP proper, and such changes are out of scope of the group that devised this specification, which was specifically tasked with producing a specification for integrating existing PGP into MIME and nothing more. > Has it occurred to you that perhaps this MIME/SIG-ENC foundation might > be one of the reasons that MOSS has seemed to "have done an effective > job of killing itself"? Absolutely not, and there is overwhelming evidence that this is not the case. Far from being dead, security multiparts seem to be doing just fine. S/MIME has embraced the use of security multiparts, albeit somewhat late, somewhat reluctantly, and only after substantial misconceptions about MIME and security multiparts were cleared up. PGP is also embracing security multiparts in this specification. MSP is doing so as well, and while I have some grave reservations about some aspects of the MSP proposal it nevertheless is based on security multiparts at present. This means that all of the various security services for email will soon sit on top of a common foundation -- the same foundation that you claim killed MOSS. Unless you are prepared to argue that the demise of S/MIME, MSP, and PGP is imminent you don't appear to have much to back up this assertion. > In the words of one of MOSS's authors: > > Even more interesting is that S/MIME was put together after, and in > > reaction to, MOSS, thus indicating that the basic scheme of the MOSS design > > didn't satisfy the big players. > > In a nutshell, MOSS is based on the idea of exploiting MIME pretty > > thoroughly instead of just grafting cryptographic services into MIME as a > > fresh application. This degree of intimacy and interdependence on MIME > > didn't sell well to the commercial players. With all due respect to Steve Crocker, what he says here is not strictly correct. First of all, the S/MIME effort started long before MOSS was finalized. And it was started for one primary reason -- the IETF effort had already failed. Yes, closure was finally reached and a specification was finally produced, but a protocol three years in the making is a failure from a commercial standpoint even if the IETF finally signs off on it. The frustration this sort of things causes in the vendor community is immense and it doesn't fade quickly. S/MIME clearly began with the goal of getting a viable security service for Internet mail done and out the door. It naturally drew on existing components whereever possible -- the PKCS series was already specified so it was used, MIME was already specified so it was used, and so on. Security multiparts were looked at askance at first but have now been embraced by S/MIME. Now, I said that Steve is not strictly correct because at least one aspect of security multiparts definitely has not been well received: Separation of encypted content from information about the encryption. There are many reasons for this rejection. For one thing, most existing security envelopes, including PGP, PKCS, and MSP, do not make this easy. For another, the separation is only useful when multiple services are employed on the same content at the same time, and for this to work there has to be a high degree of coordination between different security services, something that simply doesn't exist today. As such, when faced with the need for a major redesign in exchange for something that is only of benefit when your scheme is used in conjunction with a competing scheme, most designers opt out of this aspect of security multiparts. Is this desireable? Maybe not. If in the very long term we end up with multiple stable security services that employ common symmetric services and are widely used by overlapping populations, we will have made a mistake in rejecting a mechanism that permits data sharing between services. But that's a lot of ifs, and it isn't like this aspect of the service cannot be revived if there is need for it. Always remember that encryption necessarily involves knowing something about the destination, and as such it is much more feasible to phase in new encryption mechanisms than any other sort of security service. > So the fact that protocol significantly deprecates the MIME/SIG-ENC > foundation may be considered a feature, not a bug. I reject the so-called "fact" here. This protocol embraces security multiparts rather than deprecating them. And I see embracing security multiparts as a feature, not a bug as you would have it. Ned
- Re: Last Call: MIME Security with Pretty Good Pri… Ian Duncan
- Re: Last Call: MIME Security with Pretty Good Pri… Dave Crocker
- Last Call: MIME Security with Pretty Good Privacy… The IESG
- Re: Last Call: MIME Security with Pretty Good Pri… Ian Duncan
- Re: Last Call: MIME Security with Pretty Good Pri… Ned Freed
- Re: Last Call: MIME Security with Pretty Good Pri… Ned Freed
- Re: Last Call: MIME Security with Pretty Good Pri… Michael Elkins
- Re: Last Call: MIME Security with Pretty Good Pri… Theodore Y. Ts'o
- Re: Last Call: MIME Security with Pretty Good Pri… Perry E. Metzger
- Re: Last Call: MIME Security with Pretty Good Pri… Theodore Y. Ts'o
- Re: Last Call: MIME Security with Pretty Good Pri… Dave Crocker