>From: Russ_Housley(_dot_)McLean_CSD(_at_)com(_dot_)xerox
>Subject: Forwarding: Re: PEM - X.400 interoperability
>Date: Thu, 21 Jan 1993 04:43:23 PST
>
>RE: Your that, "Plainly, it is important that various body parts in the MIME
>message be capable of bearing different privacy/authenticity enhancements."
>
>In the early PSRG work, PEM could encrypt portions of a message while leaving
>other portions plaintext.

A contribution:
For some years, we also have played with one ECMA-standardized protocol
attempting to do all this for structured multi-media documents,
encompassing security within multiple, "parts" of documents, both
processable and/or formatted, on the basis of multiple author/recipient
model per-part, with and without facilities for some forwarding which
preserves security.
It has been hard going, and we ended up simply profiling that huge
representational resource down to 'PEM model, with multiple authors,
where the whole security-enhanced document (an "octet string") is
represented as a single "part"'.
Unlike for IPMessaging which performs efficient management of such
secured information models on the basis of the simple IPM architecture
plus a Message Store, the (secured) document architecture is harmonised
with DFR protocol. Documents and Personal Mail documents have very
different requirements in reality, though they might seem the same
thing. DFR and X.400 P7 are conceptually the same facility, but
handling "real" documents (for use in advanced applications such as
library databases) not lists of bodyparts, really does make the whole
basis of design quite different. The differences between ECMA P7 and
DFR are much more interesting than the conceptual similarities.
MIME/PEM and IPM of course go well together, being basically simple
formatted (multi-media) documents. However does MIME really see itself
also as a representation and interchange format for more complex
multi-media document formats like IBM's and DEC's DCA? I fear not, the
power of expression is simply too limited for this function.
Therefore, development of more advanced PEM information models would
seem to be limited by the media of information transmission - namely MIME.
Or am I wrong? Does MIME carry the potential to offer profiles for
representing complex structured documents? If so, then it might be
feasible to think about exploiting such to carry extra security
attributes.
If PEM and MIME must go hand in hand for the current IPM and messaging
community (as seems critical) then 2nd generation PEM must continue to
address MIME in terms of _its_ information architecture capabilities,
before even thinking about more advanced forms of privacy enhancement.