Cryptography Reference
In-Depth Information
network doesn't normally do an attacker any good, and the network can
even repair itself.
The optimum is probably somewhere in the middle. It would be desirable to
have a hierarchy that cannot be compromised, or where a few compromised
servers couldn't put the security at stake. I can think of an approach similar
to the timestamp protocol discussed in Section 6.6.1, where several computers
secure themselves.
It would be helpful if the PEM hierarchy was not a tree structure, but every
server had to be certified by
several
servers above it. The ANSI standard
X509.3 represents an improved development in this direction, but discussing it
would go beyond the scope and volume of this topic.
Traffic Analysis
PEM headers contain a whole range of information, particularly about senders
and receivers. This allows an intruder to easily determine who communicates
with whom, even if people use anonymous remailers. Though this might not
be important in practice, it may have played a role for some people to vote for
PGP and against PEM.
S/MIME Contra OpenPGP
PEM is hardly used anymore; S/MIME is the only thing people talk about in
addition to (or preferred over) OpenPGP nowadays. A full discussion of the
standard would go beyond the scope and volume of this topic. And it doesn't
really matter, because there is a wealth of literature on this popular mail encryp-
tion format developed by RSA (see, for example, [Schmeh; KirPGP]). Similarly
to PEM, S/MIME uses a hierarchy (PKI), and it is compatible with PEM, at
least its older versions are. The fact that it was embedded in MIME mail and
has been supported by major manufacturers, including RSA and Microsoft,
actually speak in favor of this standard rather than for OpenPGP. Moreover,
S/MIME let's you encrypt large attachments. Meanwhile, PGP followed up
on it with the
PGP/MIME
standard (which is supported by several products,
including the
Mutt
mailer).
However, things took a different turn. According to [KirPGP], about 60 % to
70 % of all encrypted mails were exchanged in OpenPGP format in 2001. One
of the reasons could have been the large number of platforms that support
OpenPGP — and OpenPGP simply has a more flexible structure. For example,
