[Top] [All Lists]

Re: Why do people fight about S/MIME vs. PGP rather than use MOSS?

1997-12-02 05:32:23
Mon, 01 Dec 1997 10:07:02 -0800
David Sternlight wrote:

Phillip M Hallam-Baker wrote:

The only sense in which the built in client certs are in any
way special is that the browser company (Microsoft/Netscape)
has reviewed their Certification Practices Statement and
their operations and determined that their certificates
may generally be considered trustworthy. If you disagree
with this assement then uncheck the box next to VeriSign,
MCI, Thawte etc and you are entirely OK.

This is the point, though I may have expressed it imprecisely. For
S/MIME-X509-Verisign et al (what can we call that as shorthand?) there are
"Certification Practices Statements" and sets of hardware and software
standards for CAs. Second of all they are reviewed and only those considered
trustworthy in general are pre-installed in general-user browsers (as distinct
from some possible intranet practice). This is a distinct advantage of the
model, as implemented, for arms-length interaction between strangers.

   You mean that we should be glad that the company that produced the
browser has saved us the effort of finding who to trust, registering,
configuring and all those tedious procedures? Just like Microsoft did,
saving us the effort to select, get and install a WEB browser by
including Explorer in the Windows package?. Of course, you can always
choose not to use those pre-installed features, but you know that the
average user will use them without questioning whether there are
alternatives and then the others will have to follow in order to
mantain compatibility and interoperatibility. Only those users who have
knowledge about computer security and do not like the kind of trust
model proposed will uncheck those boxes. But those are just commercial
practices (Not very ethical, by the way). Trust CAN NOT be started that
way. By definition. Period. Trust MUST be originated in the real 3D
world and then expressed by the tools that the technology provide. If
the actual tools are not satisfactory (not easy to use, not natural, not
efficient or not elegant...) then what we have to do is to develop new
tools not to try to adapt the world to the tools we have.
   By the way, Gunther, the solution to this problem has not been here
for more than ten years. We're just starting to develop it. Please do not
think that the theory of information security is just a few encipherment
algorithms. There are new questions and problems arising every day that
need a solution. Examples? Legal communication interception that does not
destroy the citizens rights, Electronic Commerce and many others.
   We have seen lately that the kind of marketing described above has led
to the success of products that are not the best ones, based on letting
everybody use them for free until the product has swep the competitors
and then, without alternatives, imposing the company's rules. I wont
mention any of them, but I suppose everybody has in mind at least a kind
of computer and one Operating System (both of them used by me to send
this message). The importance of the issue we are speaking of in this
group forces us to consider different alternatives and being very
careful when we choose one. The main point is that people can use the
Internet for their private communications, business or whatever without
loosing not even one of their rights. That's not guaranteed with the
actual trust models and certification schemes.

In contrast, the web of trust model, as practiced, doesn't require such
practice statements, nor central checking, nor any particular CA
standard-sets. Instead each user creates his own trust heirarchy and rules.
This is a distinct advantage of that model, for small workgroups where
participants know each other and have an opportunity to verify fingerprints 
or keys
to identities directly.

The advantage of this model is that trust comes from the real world but it
fails when:
-we have to communicate with people that are not linked by a trust
 (certificate) chain to us.
-we have to revocate trust on somebody.
-we have lost our certificates.
-we have to check a certificate with a long trus chain.
Some of those problems are common to the S/MIME model.

Clearly the first approach is useful in some environments, and the second in
others. It would be a mistake for users in arms-length interaction to trust
unverified signatures just as it would be a mistake to force small
self-contained work groups to adopt the overhead of CAs, trust statements,
etc. And unless the canonical models are distinct, a degree of user education
well beyond pragmatic practice is required, and the possibility is opened for
much mischief.

  I really believe that the simultaneous use of the two models is not a good
idea, it just seems to me a proposal to close this discussion. There are too
many problems involved in any of those models alone to combine them in one
model with two options.

To avoid misunderstanding I repeat my basic mantra--each trust model in its
pure form has its place and to combine one with the other in the base design
is a bad idea,

I agree as I have just said above, in the second part, but I don't think
that the coexistence of both models is an advance, maybe you just want to
put them out there and let the market do its job selecting one of them.

thought providing a fail-safe multi-step escape hatch giving
users some flexibility (as you've illustrated for S/MIME in Explorer) may be
useful. Nevertheless I suggest the canonical forms are distinct, and should
remain so: In S/MIME-X509 as practiced, users are provided with high-level CA
keys which meet CPS tests; in web of trust as practiced, users must build
their own CA structure on a case by case basis but aren't limited by anyone
else's idea of CPS tests (pace Thawte).

Frankly speaking, I have the impression this is really not a useful discussion
to continue in the PGP and S/MIME 3 IETF lists since I think de facto we've
got two standards evolving and the commonality is likely mostly to be in the
area of envelopes. But it is not for me to try to shut off discussion on this
interesting topic, if others find it useful.

I agree. It's time to close the debate of PGP vs. S/MIME but it's also time to 
some new alternatives. Please, if conforming to an old standard like
X.500 or any other makes it difficult to develop those new alternatives we
should try to develop those alternatives without the old standards. I want
to note that we are witnessing the difficulties of the development of a
standard, and the different points of view that arise in every question,
so we should be aware that a standard (specially those never used before)
is likely to have imperfections (small or big). That means that NOTHING
should be taken as the indisputable basis of our design.
   I really think that the point of view of all the people that
participated in this discussion has enrichted this group.
                         ( o o )
  !           _   ,                                        !
  ! Antonio Mana-Gomez               eMail: amg(_at_)lcc(_dot_)uma(_dot_)es !
  !                                                        !
  !          !
  !                                                        !
  ! Departamento de Lenguajes y Ciencias de la Computacion !
  !        E.T.S.I.Informatica.    Desp. 1.2.B.19          !
  !                Campus de Teatinos.                     !
  !               29071 MALAGA (SPAIN)                     !
  !                                                        !
  ! Phone: (+34) 5 213 27 54        Fax: (+34) 5 213 13 97 !