Steve,
Your points were well taken.
I hope that it is not yet time for a eulogy for PEM, but
I'll admit that if we don't start seeing some increased
use pretty soon we might want to charge up the
batteries of the defibrillator. Not to pull your chain
too much, but when can we expect to see signed
messages coming from RSA routinely. Is this a case of
the shoemaker's children?
The AOCE technology in the System 7 Pro implements the protocol
defined in PKCS #7 for detached signatures. PEM messages can be
translated into PKCS #7 messages without any cryptographic operations,
however, the reverse is only sometimes true due to the many optional
extensions that PKCS #7 has made over PEM. The PKCS standards were
created by a consotium consisting of RSA and a number of commercial
and academic organizations. They have been implemented by many
commercial vendors and are available via anonymous ftp from rsa.com.
Not to sound like the spin doctor, but what I meant to say was that AOCE
doesn't provide PEM or other email protocol. Nor, probably, should it,
since it is an operating system extensions that provides the tools for
applications to use.
I don't mean to start any religious wars, but we have seen some extensive
commentary regarding PEM vs. PGP. I confess to never having read the
PKCS standards in any significant detail, but I think it would be interesting
and worthwhile to point out the extensions that PKCS has made over PEM.
Could you summarize these, point by point?
Does PKCS uses the basic X.509 certificate, or do you use a varient of 509?
I understand that PKCS doesn't have notion of a Policy Certification Authority,
so I am curious how a user knows how much trust to put in the signature?
I am assuming that the CRL mechanism is similar to PEM, but that would be
worth commenting on also.
It should not be necessary to take a private key to the CA. The
certification request format in the RFC1424 includes a bit of
innocuous text that has been signed by the newly-generated private
key as well as a self-signed certificate for the newly-generated
public key, essentially proving ownership of a corresponding private
key.
I don't have RFC1424 in front of me, but as I recall the certification
request format was primarily for use in the older Organizational Notary
form, or when RSA or other PCA is co-issuing a certificate. y point was
that unless the user physically appears before the CA or his trusted agent,
you cannot be absolutely certain that the binding of the public
key to the Distinguished Name is done correctly, because someone
might have captured another users public key and self-signed certificate,
including the innocuous text. As I recall, at least, there was no requirement
that the innocuous text be changed from certificate to certificate, or that
it be specified by the CA. maybe we should look at that.
In the center of the chart, like a hole in
a doughnut, there was a circle labelled something like "Public/Private
Policy Direction". Unfortunately, there isn't any coherent public
policy as yet, nor much guidance from the private sector either.
I like to believe that there is a tremendous bit of guidance from the
private sector (but I'm pretty biased in this area :-).
I certainly acknowledge the yeoman service that RSA has done in this area.
Of course, having garnered all of the patents under one roof, they
certainly should be expected to further the cause!
My point was that there are a number of different organizations, ranging from
the PEM development community to the IETF (strong, but not complete
overlap), to ANSI X9F1, to X.12 and X.435/EDIFACT, the PKCS contingent,
the PGP advocates, and probably others I haven't heard about, and no one
is sitting down with the Government (who have their own agendas) and
saying, "How can we make all of this happen, and happen faster?"
Instead, each standards group takes their own particular view, the
developers are reluctant to change a single line of code, the users are
sitting on the fence, and 5 years or more of hard work has produced
an extremely modest product, IMHO. And that's a damn shame.
In the best of all possible worlds, VP Gore would convene a group of
working types (not the corporate presidents) -- people like Steve Kent,
Steve Dusse, Hoyt Kesterson, Steve Crocker, Vint Cerf, Lynn McNulty,
Rob Shirey, Charlie Watts, Michael Baum, people from the Post Office,
and the IRS, and Health and Human Services, and some of the X.500
directory service providers -- and say, "Gentlemen (and ladies), I want
an effective Public Key Infrastructure, and I want it up and running
within one year, and I'm not going to yet you go home until you all agree
as to how we should accomplish this task."
Bob