In <199803100143(_dot_)RAA29925(_at_)mail(_dot_)proper(_dot_)com>, on 03/09/98
at 05:39 PM, Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org> said:
And not needed. I take it you haven't been following the S/MIME working
group. None of the drafts for S/MIME v3 have mandated any proprietary
technology. The mandatory algorithms are the same as are proposed for
OpenPGP: Diffie-Hellman for key exchange and tripleDES for encryption.
The two groups are using different variants of each, but the requirements
are by and large the same.
Well I think we have a *big* difference between S/MIME and OpenPGP here.
With OpenPGP we have only one corporation (PGP Inc.) involved with legacy
software, and they have made a strong effort to push it's user base away
from proprietary algorithms (RSA) to unencumbered ones.
In the S/MIME camp you have quite a different senario. You have several
large corporations (Netscape, Microsoft, IBM/Lotus) all who have
substantial investments in RSADSI software licenses. I hardly doubt that
any of these companies will make any effort to move their users away from
RSA. While it is true that the MUST requirements in the S/MIME v3 draft
have been dropped you will not see any products on the shelf that do not
support it.
The only way to build crypto e-mail software using unencumbered algorithms
is by using OpenPGP. While technically you can do it with S/MIME v3 you
woun't be able to talk to anyone else.
--
---------------------------------------------------------------
William H. Geiger III http://users.invweb.net/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html
---------------------------------------------------------------
Tag-O-Matic: PATH=C:\DOS;C:\DOS\RUN;C:\WIN\CRASH\DOS;C:\ME\DEL\WIN
pgpbnYutPCdjs.pgp
Description: PGP signature