Cryptographic Standards Meet the Internet -- Head-On

When is a standard not a standard? Perhaps when it's a proposed Internet standard that uses proprietary technology. When (at the end of August) RSA's S/MIME (Secure/MIME) proposal got what seemed to be a brush-off from key players at the IETF, PGP rushed to take advantage and propose a new specification for secure e-mail based in part on the Pretty Good Privacy "web of trust" model, where certificates gain authority by being signed by people you know. Called OpenPGP, the standard wo uld also permit a hierarchical approach to accommo-date certification authorities (CAs), X.509 certificates, and other already-accepted standards.

S/MIME's backers, accused of foot-dragging, saw their baby apparently consigned to the bit bucket by an onslaught of negative press -- until IETF officials relented on the terms they would require from RSA before considering S/MIME. RSA is meeting these terms, including making freely available its proprietary algorithms for use in S/MIME implementations. S/MIME's reliance on U.S.-exportable (i.e., 40-bit) keys for encryption still troubles opponents. The weak keys represent a compromise to turn S/MIME into a global solution, but this approach could backfire, since U.S. and foreign users alike might ultimately reject such breakable encryption. This is particularly true if a stronger solution is available -- something like PGP, as PGP officials are happy to point out. However, with Microsoft, Netscape, and many other vendors standing behind the ir support for S/MIME, by next year it may very well replace PGP as the de facto standard for secure e-mail, no matter what the IETF does.