RE: [Internet-Drafts@ietf.org:
Peter Williams <peter@verisign.com> Fri, 04 October 1996 14:15 UTC
Received: from cnri by ietf.org id aa13442; 4 Oct 96 10:15 EDT
Received: from neptune.hq.tis.com by CNRI.Reston.VA.US id aa10120; 4 Oct 96 10:15 EDT
Received: by neptune.TIS.COM id aa00846; 4 Oct 96 9:27 EDT
Received: from neptune.tis.com by neptune.TIS.COM id aa26732; 4 Oct 96 7:59 EDT
From: Peter Williams <peter@verisign.com>
To: 'Dave Crocker' <dcrocker@brandenburg.com>
Cc: "'pem-dev@tis.com'" <pem-dev@tis.com>
Subject: RE: [Internet-Drafts@ietf.org:
I-DACTION: draft-balenson-secure-email-00.txt]
Date: Thu, 03 Oct 1996 16:36:13 -0700
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: pem-dev-approval@neptune.tis.com
Precedence: bulk
Message-ID: <9610040745.aa26720@neptune.TIS.COM>
Its an interesting question. I argued 5 years ago that Fortezza key escrow was a lot less intrusive that the current proposals for which US software industry is caving to day by day. Hopefully users can still decide for themselves, still. A change to the underlying PKCS7 has been made (but not published) so that it can supprot the use of key agreement ciphers, versus key transport ciphers. Obviously, S/MIME then inherits all the arguable benefits. Finding clients willing to pay for development is the only hard bit, as its merits are marginal, if they exist, over the PKCS7 systems deployed for years. Given, using Fortezza with skipjack encryption means Clipper-based mandatory message key escrow with covert access capability, I doubt it would get into PGP/MIME, somehow. But Ive been wrong on PGP''s policy on key recovery before now! As far as I know, PGP forces one to use the ciphers the designers choose. If you want a low grade cipher, tough. If one wnats the PCMCIA-features of the Fortezza card, spyrus sell an RSA equivalent, with not much doubt as to its suitability for the risks of personal token users when performing the RSA operations. Peter. ---------- From: Dave Crocker Sent: Thursday, October 03, 1996 8:07 AM To: David M. Balenson Cc: pem-dev@TIS.COM Subject: Re: [Internet-Drafts@ietf.org: I-DACTION:draft-balenson-secure-email-00.txt] I don't know a delicate way to ask this question, so I'll just do the usual bull in a china shop approach: Is there an equivalent effort to specify the use of FORTEZZA for the PGP/MIME and S/MIME environments? d/ -------------------- Dave Crocker +1 408 246 8253 Brandenburg Consulting fax: +1 408 249 6205 675 Spruce Dr. dcrocker@brandenburg.com Sunnyvale CA 94086 USA http://www.brandenburg.com Internet Mail Consortium http://www.imc.org, info@imc.org
- RE: [Internet-Drafts@ietf.org: Peter Williams
- Re: [Internet-Drafts@ietf.org: Theodore Y. Ts'o