>From: "Housley, Russ" <housley(_at_)spyrus(_dot_)com>
>Subject: Comment on draft-ietf-pem-signenc-01.txt
>Date: Tue, 02 Aug 94 09:29:45
>While there might be some esoteric cases where the ciphertext MIME message
>body should be signed, I do ot believe that this is the normal case. I
>suggest that a section be added to the ID which details this relationship.
>
>Russ
It depends upon the nature of the element of service one is trying to
provide, surely: message origin authentication (a service TIS folk
believe is that demanded by the PEM-like market) may certainly be
provided by signing the encrypted content, though this mechanism would
thereby not entail provision of the non-repudiation of message content
element of service, thereby. This is the stumbling point PEM has
traditionally not sumounted, until perhaps quite recently; many believe
that disassociating non-repudiation from authentication to be a key to
actual PEM deployment (when used in support of its non-privacy-related
authentication services), both for key distribution, and secure
messaging services. And so, all credit to the authors for bring all the
discussion to the point of concrete specification.
It is generally true that the new I-D requires a detailed statement of
the security services it pretends to provide, though, and the creation
of a rationale framework which enables one to ensure that
protocol/security-mechanism interactions are always state-safe wrt to
the specific and well-defined (or referenced) secure elements of service being
claimed. This would clear up many of the ambiguities of the statement
of design.
The current I-D comes across as something designed bottom-up to take
advantage of technological innovations and available MIME deployment
which might make the practice of secure e-mail more likely to be taken
up by the (growing) MIME user-base. The design concept does seem based upon a
philosophical belief of what the market requires, and addresses a
belief of what has held up deployment to date; yet, intellectually, and
in terms of security, it is indeed hard to know what you actually have in terms
of security offerings, at the end of the day.
(I know Russ, you dont think much of trusted agent security designs.
But, MOA signatures computed by the MTA switch (without complex crypto,
albeit), over potentially-encrypted content are actually being used
between commercial VANs to perform charging and settlement. Of course
this has nothing to do with the VAN users. Not does it have much to do
with privacy or confidentiality. but there is more to commercial
provider-based message switching than just the users.)