Thursday, December 15, 2005

Re: Comparison of X.509 / PKI, PGP, and IBE

- Michael Ströder wrote:

> Ed,
>
> you've asked for feedback on
> http://email-security.net/papers/pki-pgp-ibe.htm.
>
> "1. DESIRABLE FEATURES REFERENCE SHEET"
> I don't understand F18 and F19. Maybe you're referencing transparent
> encrypting of e-mail attachments? But then this should not be limited to
> HTML attachments.

Yes, you're right. It has been improved in the new
version at
http://email-security.net/papers/pki-pgp-ibe.htm

> Personally I'd never use an e-mail software which follows this requirement:
> "(**) [..] If the recipient wishes to decline to provide the receipt,
> the recipient should not attempt to decrypt the message."

This is the same rule that postal mail follows. The
receipt is useful for both sender and recipient, in
addition as evidence for the sender; for example, if
the sender knows that the recipient read (decrypted)
the email, the sender does not have to send another
email or make a call.

> "2. PROBLEMS / ATTACKS REFERENCE SHEET"
> P1 to P5 seem to be very much related to client-server processing. Are
> you pointing to web-based e-mail clients here? If yes, I'd suggest to
> make this more clear in the text by explicitly mentioning this type of
> service.

They apply to desktop-, intranet- or web-based. For
example P15 applies to PGP, web based or not.

> It's not clear to me why you list "F6 Base 64 Encoding" as a feature.

It looks like a lame feature but some email products
do it better than others. For product evaluation you
can change the check mark to a product-specific grade.

Cheers,
Ed Gerck
