pem-dev

Re: Securing messages across gateways

1995-10-26 13:00:00
Bill..,

Why don't you contemplate MOSS? From what I've read of the discussion on pem & 
smime -dev, MOSS is the better approach. 

Hey folks! I'm at Worldtalk Corporation and we're contemplating incorporating
S/MIME into our Internet gateway. Tim and Steve from RSA tell me that there are
a couple of you working on these problems also and said that more help would be
appreciated (even at this late date), so I hope I can be of some help.

Is it the feeling of this group that all vendors should use S/MIME and thus the
only thing a gateway has to do is pass the tagged encrypted parts through to a
mail system which will understand it?

Does a remote mail system have to know S/MIME or just PKCS?

Which "side" are we talking about? Doesn't WorldTalk deal with multiple mail 
system gateways?

Is it possible to convert between S/MIME and other formats?

Possible yes (what isn't?). Practical hhmmmm......  When "translating" anything,
there is always the notion of information loss & security holes. Tunneling is
the way to go. Concentrate on viewers & the notion Ned has brought out, remote
security servers for signed & private "stuff". This middle translation crud will
just make things worse not better.

Is there any time when a gateway should be given public keys so that it can
actually unencrypt the mail and pass on the text (or whatever) in the clear? 

Would seem to me this will break end-2-end signatures & privacy. 

If the local mail system does not have any capability to unencrypt messages itself
and there is high trust of the network, perhaps this would be a desirable
solution. Comments?

I do not believe this should be part of the MTA/Gateway stuff thus "hidden" to 
the local MUA. The complexity is pushed to the middle. It shouldn't be there.


-- 


Cheers!

[ psr ]
