[Top] [All Lists]

Re: Why do people fight about S/MIME vs. PGP rather than use MOSS?

1997-11-30 13:52:11

Gunther Schadow wrote:


I am  a member of a  EDI standards organization currently  preparing a
recommendation  for   their   members on  applying    Internet  E-Mail
standards.  Of course, security is a major issue here. Our observation
is that the  field is everything else than  clear while PGP and S/MIME
camps  are fighting each   other.

Actually, my perception is somewhat different. It is that S/MIME is simply
about its business, and has by far the most massively installed base on the
in terms of both Netscape and Microsoft, as well as by far the broadest
investment, in terms of its consortium. I use both, think each has its
place, and think
the difference is in trust algorithms. I believe each trust algorithm has
uses and neither should try to subsume the other because it will lose
unique advantages for the things it is well suited.

My own observation is that most such conflicts (other than religious wars)
stem from the unwillingness on the part of PGP fans to acknowledge that
S/MIME involves intellectual property--a fact--which is entitled to a fair
return. This is most odd, since PGP is also a commercial product which is
sold in the marketplace.

There is also a deeper issue involved. The Internet was originally built
with a significant component of the "gift" model. Software was free for the
taking, and a rich uncle, the US taxpayer, provided for much that had to be
paid for. This is no longer the case, and
the Internet is well and truly a free-market commercial proposition
although some users are subsidized to this day, mostly academics and
students. It is exactly these users who seem most vociferous about "free".
This is both inappropriate and maladaptive.

As I understand it, the real Internet policy about intellectual property is
NOT "unencumbered" but rather  something like "'freely available on
non-discriminatory--or perhaps "reasonable"--terms"'. Internet policy is
supposed to be (if my understanding is correct) "intellectual property
neutral" and not hostile to intellectual property. If that is correct, much
recent pressure on RSADSI with respect to S/MIME was from a few small
actors with loud voices throwing their Internet weight around. Never
mind--we now have an S/MIME 3 working group with certain ground rules and
that's where we're proceeding from.

Similarly, we've seen the sight of PGP Inc. disenfranchinsing a huge
RSA-key PGP user base in free version 5.53, along with the web of
signatures built up over several years. Again--never mind; the Open PGP
working group must simply insure that that cannot happen again with Open

Unfortunately, marketing  interests
seem to play the major role  in that fight.

I have observed this entirely as: 1. Attempts to restrict S/MIME
intellectual property and disadvantage RSADSI and 2. Attempts to tilt the
playing field to the advantage of PGP Inc.  by taking advantage of the fact
that originally PGP had little intellectual property of its own but used
the intellectual property of others and some of that intellectual property
of others has now come off patent protection. 3. Attempts to make wrong the
actions of RSADSI in protecting their intellectual property and pursuing
their legal right to insure that licensees honor their agreements. From my
perspective it has looked like a crooked dice game. When the above is
brought to attention, we often see ad hominem responses indicative of the
weaknesses of those proponents' intellectual positions.

As  much as I am confident
in the IETF  to stick to its  former  policy propagating open,  freely
available, simple and effective standards, I am nevertheless concerned
that industry is  on the edge to do  a lot of harm in  that field.  It
seems already that the  "Internet Mail Consortium"  will have a strong
impact in  IETF   standardization, and  as  the   IMC is   an industry
consortium, is not committed to the IETF policy.

One must face the reality of both existence and choice in the marketplace.
The IMC represents successful actors in that marketplace. Some of the
smaller ones support PGP but the most successful support S/MIME. The
largest supporter of PGP in that group is Qualcomm and if you strip out
their non-crypto business they are relatively small. Thus complaints about
the IMC read like more pro-PGP partisanship. The facts are that Ford, GM,
and Toyota make the cars, not MIT or DeLorean, and any realistic standard
has to take account of what is out there in the marketplace. An attempt to
impose the desires of a small self-appointed elite is doomed to fail under
the current massively public Internet model.

I   have a strong  personal distaste  with S/MIME,   as the PKCS specs
require ASN.1, X500 and other OSI stuff that  does not merge very well
with  the rest of  the Internet infrastructure.

Like the bumblebee, S/MIME is out there in millions (well over 25 million)
of installed base copies of Netscape and Explorer. Perhaps if there is a
problem with the "internet infrastructure" it is that which needs
adjustment. Thus far I've not heard of the Internet crashing down because
of the particular crypto protocols in, say, Netscape. There are far more
serious threats to worry about. My fear of S/MIME creating problems for
"the rest of the internet infrastructure" is 47th on my list of fears, just
below the fear of aliens taking over my computer. I do not mean to make
light of your concerns, but given the huge installed base of S/MIME
applications out there now, some acknowledgement of the realities of the
marketplace is in order.

Of  course the use of
patent encumbered algorithms is  a deleterious "feature" of S/MIME  --
this also shows whose only real interest

Here you move from a laudable discussion of principles and objectives to
the imputation of motives and make-wrong. It does not add to the

it is to  have S/MIME. It is
not common sense, it is the profit  of one company: RSA Data Security,

Actors are entitled to a return from their investment in intellectual
property. In this case the ultimate beneficiary are the assignees of the
inventors, e.g. MIT. You are appealing to a model here which has long been
discredited as a basis for the stimulation and preservation of innovation..
It was RSADSI who, in effect, brought RSA and many other algorithms to the
marketplace, including two used in PGP. Similarly, it was IDEA which also
(as a commercial product via ASCOM AG) contributed to PGP. RSA Laboratories
continues to be one source for much of the world's crypto research outside
of government. That isn't an eelymosynary gift but must ultimately draw on
payment for intellectual property. The notion that the Internet should use
only free crypto is a guaranteed formula to kill such innovation except in
the glacial corridors of academe, and force the successful commercial
actors to "tunnel" rather than benefitting the entire net. And even those
magisterial academic confines lead to things like RSA and RSADSI; to patent
licensing and charging for intellectual property.

Of course if you want guaranteed old technology, don't use anything until
the patent has expired.

<Microsoft bogeyman analogy omitted>

On the other hand PGP  is doing  a  definite cut  in its tradition  in
order to move  away from  patent  encumbered algorithms. However,  PGP
uses an ad-hoc binary format as  well. Even though  it is simpler than
ASN.1/DER,   it is still unnecessarily  obscure,  when  applied in the
world of MIME.

You seem to forget that although PGP would like its royalty costs to be
"free", it charges for its commercial products. One cannot make a case here
for anything other than self-interest. It is true that PGP gives away
crippled non-commercial versions that won't affect what it sees as its self
interest. RSADSI gives away RSAREF and RSAREF2 as well, so that one is a

<MOSS discussion omitted>

Anyway, what I refuse to accept is that the two camps (PGP and S/MIME)
do not try to collaborate.

The two working groups are, as I understand it, under instructions to
collaborate when areas of commonality are involved. What is more, MIME
provides an overarching structure that could bring both under at least a
common "envelope" structure if desired. Let us hope such cooperation is
more than grudging lip service.

Why don't they sit together, listing their
features in an abstract manner, independent from any format like ASN.1
or PGP's  or any technology  like X509?  These feature-lists  could be
merged, in order to  come up with  an abstract security  specification
that includes both approaches.

I believe this would be a major blunder. The advantages of web of trust are
that anyone may be his own certifier, with whatever rules he wishes to make
and perhaps publish. The advantages of rigid-heirarchical are that nobody
but audited, known-standard certifiers with particular published rule-sets
are valid. The first is extremely useful among small, mutually known groups
in which members are willing to investigate each certifier's standards. The
second is essential for arms-length and commercial interaction in which
users must rely on standardized, known, supervised assurances with respect
to trust procedures and cannot personally investigate each certifier.

Trying to make either model do the job of the other will corrupt it such
that it will lose some of its own advantages. I note that most action in
this direction is with respect to PGP trying to get some of S/MIME's
"market share". I think this to be a very bad idea. In the end, unless
there are versions of PGP software which will, hard-wired, accept only
rigid-heirarchical trust, this will corrupt both trust models with respect
to PGP.

What I am saying is that although much focus has been on particular
algorithms in the past, the "openness" of Open PGP reveals that this is
really a distraction (fundamental principle-wise), and the real crux of the
matter is trust models.

This abstract specification could then
be mapped to concrete technologies, whether  MIME (=> MOSS), ASN.1 (=>
PKCS) or the PGP-style.  Conversion software could be used as gateways
between these protocols.

If this where done,  the IMC or any other  involved party  could show,
whether their work  in the IETF is  for the sake  of the community  or
just  for their own  market share.

Again a specious dichotomy is being set up between "the sake of the
community" and "commercial viability". The two are inextricably

Get back  to common sense, now! Get
the Internet back into people's hands!

"Power to me and my friends!" uh, er, um, oops, "Power to the People!"