ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why do people fight about S/MIME vs. PGP rather than use MOSS?

1997-12-02 09:06:38
from [James M Galvin] [Permanent Link] 
On Tue, 02 Dec 1997 10:30:29 GMT, Colin Robbins said (and I quote):

    This suggests the choice between S/MIME and MOSS is being made on
    the basis of what is easy to implement.  This is never a good
    argument to use, as it loses sight of one major consideration - the
    users.

    Any choice ought to be focusing on what the users - at the end of
    the day our customers - will find integrates into the desktop
    environment in the simplest and cleanest way.  My understanding is
    this debate suggests this is a MOSS based approach.

Funny you should say this.  I agree with the conclusion but not how you
got there.

In the debate over X.400, PEM, PGP, MOSS, MSP, or S/MIME, one
observation I like to make is that the user doesn't care what you
choose.  Frankly, all these protocols provide the security services of
the greatest interest to users.  Further, all these protocols could be
made to support the trust model of your choice and the algorithms of
your choice.  (Some may have made policy choices in these areas but
those choices could be changed!)  It just doesn't matter.

What the user cares about is interoperability, i.e., when I send you a
secure email message you can process it.  This is problematic given so
many choices.  That is the problem!

The differences in these protocols are in the implementation.  Only
developers care about the differences in these protocols (setting aside
politics).  Each of these protocols requires a different amount of
effort to be integrated with various email clients and applications, as
well as other applications, e.g., the web.  Each of these protocols made
different design choices based on different assumptions and
requirements.  It is these things we should be evaluating in our quest
to make a choice.

On the issue of deployment, it's nice that S/MIME is integrated with
Netscape/Microsoft.  I suspect it will get a certain market share
because of this.  But let us not forget there are a lot more email user
agents out there than just Microsoft/Netscape.  And many of them are far
better than Microsoft/Netscape (although probably not for long).  S/MIME
is not going to just slip in to that market.

Jim
--
James M. Galvin                       Executive Director, Trust and Security
CommerceNet Consortium                +1 410.203.2707
3209A Corporate Court                 +1 410.203.2709 FAX
Ellicott City, MD  21042              http://www.commerce.net
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: ESS-00 ContentHints and Signed Receipt Hashing, John Pawling
Next by Date:  RE: ESS-00 ContentHints and Signed Receipt Hashing, Scott Hollenbeck
Previous by Thread:  RE: Why do people fight about S/MIME vs. PGP rather than use MOSS?, Colin Robbins
Next by Thread:  RE: ESS-00 ContentHints and Signed Receipt Hashing, John Pawling
Indexes:  [Date] [Thread] [Top] [All Lists]