At 11:52 AM 10/27/95, Laurence Lundblade wrote:
In my understanding of S/MIME and MOSS, you basically cannot apply many of
the usual gateway conversions (attachments & data formats) without
seriously compromising security. If you choose the decrypt/encrypt route,
then the gateway must have people's private keys.
The reason, of course, that a gateway would want to do something to the
encrypted part is because there is MIME formatting (e.g., multiple
attachments) in it. I'm sure this has been discussed at length many times
over the years, but it seems this is the trade-off between protecting the
MIME structure of a message and the ability to gateway encrypted messages.
You protect the MIME structure because you don't want people to know the
number, types, and descriptions of the things you are sending. If you
decide only to encrypt the leaves of a message, then you lose some secrecy,
but you gain the ability to have gateways. From my understanding, both
S/MIME and MOSS (and the new PGP draft) have all opted for extra secrecy
with no possibly of gatewaying.
If my logic serves me this morning, this means to have secure interoperable
e-mail with, say, Microsoft mail, Microsoft mail clients are going to have
to understand a little MIME and vice versa (ugh). I hope my logic is
wrong...
Laurence Lundblade <lgl(_at_)qualcomm(_dot_)com>
QUALCOMM,Inc. 619-658-3584
Laurence,
Your question provides an opportunity to clarify a couple of important
parts of the MOSS design and its relationship to gateways.
First, signed message parts are treated differently are treated differently
from encrypted message parts. Signed message parts are readable by
gateways. If the message part is one of the composite types, i.e.
"multipart" or "message", its interior structure is fully visible to the
MIME gateway. Encrypted body parts, on the other hand, are completely
opaque and are encoded as "application" parts. A gateway cannot -- and
should not -- do anything with an encrypted body part except pass it on to
the end user's system.
Second, MOSS makes it possible for the sender to protect either the leaves,
the entire message, any intermediate level, or any combination of these.
It is the sender who chooses what levels to encrypt and/or sign. As you
observe, if the leaves are encrypted, the overall structure of the message
is visible and it may be possible for an eavesdropper to infer something
that he wouldn't if the entire message were encrypted. However, with the
structure of the message visible, gateways may be able to route one portion
in one direction and another portion in another direction. (To be fair,
the most likely reason to have part of a message encrypted and another part
not is much simpler and unrelated to gateways: Someone may want to forward
an encrypted message with a cover note that is readable by an assistant.)
There was considerable attention given to gateways in the design of MOSS.
Some gateways do things on behalf of a user which are really user-agent
functions and not gateway functions. Such things are hard to do with
protected messages unless the gateway is given the user's key, and there
was very little desire among gateway builders or operators to move the
security boundary into the gateway, although it's certainly possible to do
so with MOSS, S/MIME or any of the security protocols. What we discovered
instead was that the introduction of a security system forced a cleaner
analysis of what functions belonged in a gateway and what did not.
Steve
--------------------
Steve Crocker Main: +1 703 620 4200
CyberCash, Inc., Suite 430 Desk: +1 703 716 5214
2100 Reston Parkway Fax: +1 703 620 4215
Reston, VA 22091
crocker(_at_)cybercash(_dot_)com