- Michael Ströder wrote:
> Ed,
>
> you've asked for feedback on
> http://email-security.net/papers/pki-pgp-ibe.htm.
>
> "1. DESIRABLE FEATURES REFERENCE SHEET"
> I don't understand F18 and F19. Maybe you're
> referencing transparent
> encrypting of e-mail attachments? But then this
> should not be limited to
> HTML attachments.
Yes, you're right. It has been improved in the new
version at
http://email-security.net/papers/pki-pgp-ibe.htm
> Personally I'd never use a e-mail software which
> follows this requirement:
> "(**) [..] If the recipient wishes to decline to
> provide the receipt,
> the recipient should not attempt to decrypt the
> message."
This is the same rule that postal mail follows. The
receipt is useful for both sender and recipient, in
addition as evidence for the sender; for example, if
the sender knows that the recipient read (decrypted)
the email, the sender does not have to send another
email or make a call.
> "2. PROBLEMS / ATTACKS REFERENCE SHEET"
> P1 to P5 seems to be very much related to
> client-server processing. Are
> you pointing to web-based e-mail clients here? If
> yes, I'd suggest to
> make this more clear in the text by explicitly
> mentioning this type of
> service.
They apply to desktop-, intranet- or web- based. For
example P15 applies to PGP, web based or not.
> It's not clear to me why you list "F6 Base 64
> Encoding" as a feature.
It looks like a lame feature but some email products
do it better than others. For product evaluation you
can change the check mark to a product-specific grade.
Cheers,
Ed Gerck
Welcome to Email-Security. This is a technical development forum dedicated to a fresh exploration of the Internet email security issues of today, with website at http://email-security.net. Comments and paper contributions on the theme of email security are welcome. Papers will be peer-reviewed before publication. Product and service listings are also welcome, see website.
Thursday, December 15, 2005
Re: Comparison of X.509 / PKI, PGP, and IBE
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment