On Mon, 19 Feb 1996, Housley, Russ wrote:
Date: Mon, 19 Feb 96 17:31:40
From: Housley, Russ <housley(_at_)spyrus(_dot_)com>
To: raph(_at_)c2(_dot_)org
Cc: resolving-security(_at_)imc(_dot_)org,
pem-dev(_at_)neptune(_dot_)tis(_dot_)com
Subject: Re: A brief comparison of email encryption protocols
Raph:
At 4:49 PM 2/14/96, Raph Levien wrote:
MOSS is mostly cryptographically sound.
In fact, MOSS is too flexible. In most circumstances, signatures should be
performed before encryption. MOSS allows people to sign ciphertext, by
putting a multipart/encrypted inside a multipart/signed. The MOSS
specification offers no warnings about this "feature."
In order to fulfill all the needs that will arise, it is essential that a
secure mail system be able to do signing and encryption arbitrarily
nested and in any order. "People" will not normally be calling directly
on the basic MOSS capabilities. They will use software that provides
appropriate composites.
With the ever rising levels of spam, junk mail, and forgeries, I expect
it to become common in the future for gateways, mailing lists, systems,
etc., to refuse any mail that is not "visibly" signed on the outside
(although it also works to have it encrypted to the gateway or system so
it can decrypt if there is a good signature inside that). I'm not saying
such outer signatures need be from the individual source, so this is not
necessarily incompatible with anonymity. And I'm sure there will also
always be places that don't impose such restrictions. But I predict a
future trend toward requiring visible authentication on mail for it to
be handled.
Russ
Donald
=====================================================================
Donald E. Eastlake 3rd +1 508-287-4877(tel) dee(_at_)cybercash(_dot_)com
318 Acton Street +1 508-371-7148(fax)
dee(_at_)world(_dot_)std(_dot_)com
Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com http://www.eff.org/blueribbon.html
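
Added example, not part of the original messages or of any MOSS implementation: a Python sketch that reads the visible multipart/signed and multipart/encrypted nesting of a message, flags a signature computed over ciphertext, and applies the "visibly signed on the outside" gateway policy described above. The sample messages are constructed and simplified, the function names are hypothetical, and only the MIME layout is inspected; no signature is verified.

```python
from email import message_from_string

def security_layers(raw):
    """Visible RFC 1847 security layers of a message, outermost first."""
    msg, layers = message_from_string(raw), []
    while msg.get_content_type() in ("multipart/signed", "multipart/encrypted"):
        kind = msg.get_content_subtype()
        layers.append(kind)
        parts = msg.get_payload()
        # Anything inside an encrypted layer is ciphertext, so stop there.
        if kind == "encrypted" or not isinstance(parts, list) or not parts:
            break
        msg = parts[0]  # first part of multipart/signed is the signed content
    return layers

def signs_ciphertext(raw):
    """True when a signature wraps an encrypted body (signature over ciphertext)."""
    return "encrypted" in security_layers(raw)[1:]

def visibly_signed(raw):
    """Gateway-style policy: the outermost layer must be a signature."""
    return security_layers(raw)[:1] == ["signed"]

def wrap(subtype, protocol, first, second, boundary):
    """Build a two-part security multipart (constructed sample data only)."""
    head = f'Content-Type: multipart/{subtype};\n protocol="{protocol}"; boundary="{boundary}"\n\n'
    return head + f"--{boundary}\n{first}\n--{boundary}\n{second}\n--{boundary}--\n"

# Constructed sample entities; the bodies are placeholders, not real MOSS data.
PLAIN = "Content-Type: text/plain\n\nhello\n"
SIG = "Content-Type: application/moss-signature\n\n(placeholder)\n"
KEYS = "Content-Type: application/moss-keys\n\n(placeholder)\n"
CIPHER = "Content-Type: application/octet-stream\n\n(placeholder)\n"

ENCRYPTED = wrap("encrypted", "application/moss-keys", KEYS, CIPHER, "b-enc")
SIGNED_PLAIN = wrap("signed", "application/moss-signature", PLAIN, SIG, "b-sig")
SIGNED_CIPHERTEXT = wrap("signed", "application/moss-signature", ENCRYPTED, SIG, "b-sig")

if __name__ == "__main__":
    for name in ("PLAIN", "ENCRYPTED", "SIGNED_PLAIN", "SIGNED_CIPHERTEXT"):
        raw = globals()[name]
        print(name, security_layers(raw), signs_ciphertext(raw), visibly_signed(raw))
```

A signature placed before encryption sits inside the ciphertext, so it cannot be seen at this level; an encrypted outer layer therefore reports only `["encrypted"]`.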