ietf-mailsig

RE: Narrow the scope: no new email signature protocol

2004-10-05 14:20:52

Dave Crocker wrote on Wednesday, 6 October 2004 7:17 a.m.

Andrew and Jim,

On Mon, 4 Oct 2004 08:14:17 -0400, Andrew Newton wrote:
following: we've been told that time is in short supply and that even taking 2 extra months to understand our requirements will cause problems. If that is so, then we cannot risk time on a new scheme; we must limit the scope of the charter to S/MIME or PGP.


If I have understood the concerns correctly, the suggestion is to use s/mime or pgp because they are well-established.

There are observations that s/mime and pgp do not

      a) protect headers
      b) use domain-scope identification
      c) DNS-based key validation (or acquisition)
      d) header-based attribute encoding

The response I am hearing is that there are no inherent 
difficulties in making the changes to s/mime or pgp to cover these.

I am not understanding how "making the changes" differs from 
a design and development effort.

In other words, pgp and s/mime do not do the necessary job, so they are not well-established for this use, and getting them to cover this use might well require as much work as choosing another scheme.

Note that some of the other schemes use well-established algorithms. It is in fact in the issues of items a, b, c and d, above, that they create a new service.

So I am not understanding what the benefit is, in starting 
with systems that have poor usage histories and inappropriate 
identification, key management, data protection, and 
attribute encoding.

Please clarify.

While the four shortcomings listed above exist, RFC3183 specifies domain
based email protection using the S/Mime protocol.

This concept has been successfully implemented and is currently in
widespread use for protecting email communications between New Zealand
government agencies (refer http://www.e.govt.nz/see/mail/index.asp).  This
system has been deployed for over two years now.

The New Zealand government is currently planning to extend this concept to
secure Government <==> citizen email (where the ISP mail systems would be
accredited to provide the required security from the S/Mime gateway to the
actual mailbox).

Scaling the system beyond the current closed group of about 40 agencies will require a change in the existing X509 certificate distribution mechanism (automatic retrieval via LDAP from the CA directory). The use of CRLs to validate certificate status is a weak point in this infrastructure.

Regards,

James
