> http://www.linuxsecurity.com/articles/cryptography_article-4356.html > > A Brief Comparison of Email Encryption Protocols > Raph Levien > Posted By: Jen Olson > 1/30/2002 14:31 > > Update: Shaun Gordon pointed out this article is quite old, and while not > current still contains useful info. This document briefly reviews and > compares five major email encryption protocols under consideration: MOSS, > MSP, PGP, PGP/MIME, and S/MIME. Each is capable of adequate security, but > also suffers from the lack of good implementation, in the context of > transparent email encryption. I will try to address issues of underlying > cryptographic soundness, ease of integration with email, implementation > issues, support for multimedia and Web datatypes, and backwards > compatibility. > > An additional grave concern is key management. Contrary to some beliefs,key > management is not a solved problem. All of the proposals contain some > mechanism for key management, but none of them have been demonstrated to be > scalable to an Internet-wide email system. My belief is that the problems > with key management do not stem from the classic Web of trust/certification > hierarchy split, but the nonexistence of a distributed database (with nice > interfaces) for holding keys. The encryption protocols also stand in the way > of such a database, with key formats that are either overly complex, > inadequate, or both. > > Shaun Gordon writes, "You might want to consider taking down the article "A > Brief Comparison of Email Encryption Protocols. This is a pointer to a > document that is six years old (it appears to be written in March of '96). > This could be particularly misleading to some people as there is no clear > date on the article, but it does refer to the upcoming PGP 3.0 which will be > released in the fall of '96." >
