Gunther Schadow wrote:
TWO EVERYONE INTERESTED IN INTERNET MAIL SECURITY.
I am a member of a EDI standards organization currently preparing a
recommendation for their members on applying Internet E-Mail
standards. Of course, security is a major issue here. Our observation
is that the field is everything else than clear while PGP and S/MIME
camps are fighting each other.
Actually, my perception is somewhat different. It is that S/MIME is simply
going
about its business, and has by far the most massively installed base on the
Internet,
in terms of both Netscape and Microsoft, as well as by far the broadest
capital
investment, in terms of its consortium. I use both, think each has its
place, and think
the difference is in trust algorithms. I believe each trust algorithm has
important
uses and neither should try to subsume the other because it will lose
unique advantages for the things it is well suited.
My own observation is that most such conflicts (other than religious wars)
stem from the unwillingness on the part of PGP fans to acknowledge that
S/MIME involves intellectual property--a fact--which is entitled to a fair
return. This is most odd, since PGP is also a commercial product which is
sold in the marketplace.
There is also a deeper issue involved. The Internet was originally built
with a significant component of the "gift" model. Software was free for the
taking, and a rich uncle, the US taxpayer, provided for much that had to be
paid for. This is no longer the case, and
the Internet is well and truly a free-market commercial proposition
although some users are subsidized to this day, mostly academics and
students. It is exactly these users who seem most vociferous about "free".
This is both inappropriate and maladaptive.
As I understand it, the real Internet policy about intellectual property is
NOT "unencumbered" but rather something like "'freely available on
non-discriminatory--or perhaps "reasonable"--terms"'. Internet policy is
supposed to be (if my understanding is correct) "intellectual property
neutral" and not hostile to intellectual property. If that is correct, much
recent pressure on RSADSI with respect to S/MIME was from a few small
actors with loud voices throwing their Internet weight around. Never
mind--we now have an S/MIME 3 working group with certain ground rules and
that's where we're proceeding from.
Similarly, we've seen the sight of PGP Inc. disenfranchinsing a huge
RSA-key PGP user base in free version 5.53, along with the web of
signatures built up over several years. Again--never mind; the Open PGP
working group must simply insure that that cannot happen again with Open
PGP.
Unfortunately, marketing interests
seem to play the major role in that fight.
I have observed this entirely as: 1. Attempts to restrict S/MIME
intellectual property and disadvantage RSADSI and 2. Attempts to tilt the
playing field to the advantage of PGP Inc. by taking advantage of the fact
that originally PGP had little intellectual property of its own but used
the intellectual property of others and some of that intellectual property
of others has now come off patent protection. 3. Attempts to make wrong the
actions of RSADSI in protecting their intellectual property and pursuing
their legal right to insure that licensees honor their agreements. From my
perspective it has looked like a crooked dice game. When the above is
brought to attention, we often see ad hominem responses indicative of the
weaknesses of those proponents' intellectual positions.
As much as I am confident
in the IETF to stick to its former policy propagating open, freely
available, simple and effective standards, I am nevertheless concerned
that industry is on the edge to do a lot of harm in that field. It
seems already that the "Internet Mail Consortium" will have a strong
impact in IETF standardization, and as the IMC is an industry
consortium, is not committed to the IETF policy.
One must face the reality of both existence and choice in the marketplace.
The IMC represents successful actors in that marketplace. Some of the
smaller ones support PGP but the most successful support S/MIME. The
largest supporter of PGP in that group is Qualcomm and if you strip out
their non-crypto business they are relatively small. Thus complaints about
the IMC read like more pro-PGP partisanship. The facts are that Ford, GM,
and Toyota make the cars, not MIT or DeLorean, and any realistic standard
has to take account of what is out there in the marketplace. An attempt to
impose the desires of a small self-appointed elite is doomed to fail under
the current massively public Internet model.
I have a strong personal distaste with S/MIME, as the PKCS specs
require ASN.1, X500 and other OSI stuff that does not merge very well
with the rest of the Internet infrastructure.
Like the bumblebee, S/MIME is out there in millions (well over 25 million)
of installed base copies of Netscape and Explorer. Perhaps if there is a
problem with the "internet infrastructure" it is that which needs
adjustment. Thus far I've not heard of the Internet crashing down because
of the particular crypto protocols in, say, Netscape. There are far more
serious threats to worry about. My fear of S/MIME creating problems for
"the rest of the internet infrastructure" is 47th on my list of fears, just
below the fear of aliens taking over my computer. I do not mean to make
light of your concerns, but given the huge installed base of S/MIME
applications out there now, some acknowledgement of the realities of the
marketplace is in order.
Of course the use of
patent encumbered algorithms is a deleterious "feature" of S/MIME --
this also shows whose only real interest
Here you move from a laudable discussion of principles and objectives to
the imputation of motives and make-wrong. It does not add to the
discussion.
it is to have S/MIME. It is
not common sense, it is the profit of one company: RSA Data Security,
Inc.
Actors are entitled to a return from their investment in intellectual
property. In this case the ultimate beneficiary are the assignees of the
inventors, e.g. MIT. You are appealing to a model here which has long been
discredited as a basis for the stimulation and preservation of innovation..
It was RSADSI who, in effect, brought RSA and many other algorithms to the
marketplace, including two used in PGP. Similarly, it was IDEA which also
(as a commercial product via ASCOM AG) contributed to PGP. RSA Laboratories
continues to be one source for much of the world's crypto research outside
of government. That isn't an eelymosynary gift but must ultimately draw on
payment for intellectual property. The notion that the Internet should use
only free crypto is a guaranteed formula to kill such innovation except in
the glacial corridors of academe, and force the successful commercial
actors to "tunnel" rather than benefitting the entire net. And even those
magisterial academic confines lead to things like RSA and RSADSI; to patent
licensing and charging for intellectual property.
Of course if you want guaranteed old technology, don't use anything until
the patent has expired.
<Microsoft bogeyman analogy omitted>
On the other hand PGP is doing a definite cut in its tradition in
order to move away from patent encumbered algorithms. However, PGP
uses an ad-hoc binary format as well. Even though it is simpler than
ASN.1/DER, it is still unnecessarily obscure, when applied in the
world of MIME.
You seem to forget that although PGP would like its royalty costs to be
"free", it charges for its commercial products. One cannot make a case here
for anything other than self-interest. It is true that PGP gives away
crippled non-commercial versions that won't affect what it sees as its self
interest. RSADSI gives away RSAREF and RSAREF2 as well, so that one is a
wash.
<MOSS discussion omitted>
Anyway, what I refuse to accept is that the two camps (PGP and S/MIME)
do not try to collaborate.
The two working groups are, as I understand it, under instructions to
collaborate when areas of commonality are involved. What is more, MIME
provides an overarching structure that could bring both under at least a
common "envelope" structure if desired. Let us hope such cooperation is
more than grudging lip service.
Why don't they sit together, listing their
features in an abstract manner, independent from any format like ASN.1
or PGP's or any technology like X509? These feature-lists could be
merged, in order to come up with an abstract security specification
that includes both approaches.
I believe this would be a major blunder. The advantages of web of trust are
that anyone may be his own certifier, with whatever rules he wishes to make
and perhaps publish. The advantages of rigid-heirarchical are that nobody
but audited, known-standard certifiers with particular published rule-sets
are valid. The first is extremely useful among small, mutually known groups
in which members are willing to investigate each certifier's standards. The
second is essential for arms-length and commercial interaction in which
users must rely on standardized, known, supervised assurances with respect
to trust procedures and cannot personally investigate each certifier.
Trying to make either model do the job of the other will corrupt it such
that it will lose some of its own advantages. I note that most action in
this direction is with respect to PGP trying to get some of S/MIME's
"market share". I think this to be a very bad idea. In the end, unless
there are versions of PGP software which will, hard-wired, accept only
rigid-heirarchical trust, this will corrupt both trust models with respect
to PGP.
What I am saying is that although much focus has been on particular
algorithms in the past, the "openness" of Open PGP reveals that this is
really a distraction (fundamental principle-wise), and the real crux of the
matter is trust models.
This abstract specification could then
be mapped to concrete technologies, whether MIME (=> MOSS), ASN.1 (=>
PKCS) or the PGP-style. Conversion software could be used as gateways
between these protocols.
If this where done, the IMC or any other involved party could show,
whether their work in the IETF is for the sake of the community or
just for their own market share.
Again a specious dichotomy is being set up between "the sake of the
community" and "commercial viability". The two are inextricably
intertwined.
Get back to common sense, now! Get
the Internet back into people's hands!
"Power to me and my friends!" uh, er, um, oops, "Power to the People!"
David