Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!BBN.COM!kent From: kent@BBN.COM (Steve Kent) Newsgroups: comp.protocols.tcp-ip Subject: Re: Authenticated SMTP, anyone done one? Message-ID: <9106180335.AA16085@ucbvax.Berkeley.EDU> Date: 17 Jun 91 19:00:34 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 52 Larry, A few comments in response to our recent message about PEM and what facilities it provides: - PEM operates in conjunction with SMTP and RFC 822 mail. It is compatible with both and thus can be used to protect any RFC 822 message that can be sent via SMTP mail relays. Use of PEM is strictly voluntary; only Internet users who want the security services of PEM are expected to make use of it and, as you observed, it takes two to tango. - Your description of PEM security services and mechanisms was a bit short and not quite accurate. PEM uses DES, not RSA, to encrypt messages, but encryption is optional. PEM uses computes a message integrity check (MIC) on each message and encrypts it to provide message integrity and authenticity. The integrity and authentication functions are not optional, i.e., they are always employed. The version of PEM that we expect to be widely used employs RSA keys both to encrypt the MIC (for authenticity, integrity and a basis for non-repudiation) and to encrypt the DES key in support of confidentiality (secrecy). A key management infrastructure, based on the CCITT/ISO Directory authentication standards (X.509) is used by PEM to support distribution of the RSA keys. - A sender of a PEM-protected message can ensure that the message content is decipherable only by the intended recipients and that each recipient can verify the message inetgrity and the sender ID. PEM does not address directly more subtle confidentiality issues, e.g., traffic analysis, though "double-enveloping" can be employed to mitigate this threat as well. I hope this clarifies the issue of "what PEM does." As for timing, those of use working on the PEM standards are behind schedule, as noted. Three RFCs were issued almost 2 years ago and we are now trying to get revised standards out this summer. Several independent implementations of PEM are now undergoing testing on the Internet and arrangements for the key management infrastructure are progressing. The latter work includes a numer of activities, e.g., license agreements with RSA to enable a PEM freeware implementation to be made available and interoperable with product-level PEM implementations in the Internet. The bottom line on RSA licenses for PEM is that they are expected to be quite cheap, as little $2.50 per-user (maybe even less for students), if the keys are locally managed (by the school, company, or whatever organization with which the user is affiliated). I recommed you review the existing RFCs (1113-1115), or the Internet-Drafts which will replace them, for more info on PEM. Steve Kent Chair Internet Privacy and Security Research Group