| Previous slide | Next slide | Back to the first slide | View Graphic Version |
S/MIME (MIME - multipurpose internet mail extensions) and PGP may be the only contenders. Both are based on RSA. S/MIME defines security svcs for mime according to the syntax in PKCS #7 (Public Key Cryptography Std) #7 defines syntax for msgs w/cryptography enhancements, such as sigs and encryption. Uses X.509 certs. PKCS is a set of stds written by RSA Data Security Inc. to provide an interface to pub key cryptography - programmers use these stds.
PEM (privacy enhanced mail), a draft std not yet accepted, it supports private and public key encryption. Public key encryption is via x.509 certs, uses DES (private key) and RSA (public key). S/MIME will likely win over PEM. (MSP is Msg Security Protocol)
PGP is a sw pkg dev by Phil Zimmerman. It provides routines for msg encryption, digital sigs and data compression. Uses RSA,IDEA. There are no certs or CA’s used in PGP. It uses a web of trust (or chain of trust). Users sign each other’s public keys creating an interconnected community of PGP users.
Alice wants to communicate with Carold. Alice gives Carol her pub key which was signed by Bob. Carol knows Bob’s pub key (and verfied his sig) and trusts him to sign other keys therfore she chooses to trust that this is Alice’s key. Bob has therefore introduced Alice to Carol.
MIME Object Security Services (MOSS) Internet Email Securityl