W3C home > Mailing lists > Public > ietf-discuss@w3.org > November 2002

Re: MIME Multipart security?

From: Chris Newman <Chris.Newman@Sun.COM>
Date: Fri, 08 Nov 2002 11:03:51 -0800
To: Dave Crocker <dcrocker@brandenburg.com>
Cc: Paul Hoffman / IMC <phoffman@imc.org>, discuss@apps.ietf.org
Message-id: <2147483647.1036753431@nifty-jr.west.sun.com>

begin  quotation by Dave Crocker on 2002/11/7 22:36 -0800:
> The UI problem is difficult.  And certainly the products I have seen
> are not easy enough to use.  I'm not sure there is much the IETF can
> do about that, though, unless we can devise a cert scheme that
> naturally creates an easy user scenario.
>
> Offhand, I'd suggest that both email and the web have in fact done
> just that. The basic model for each of them is wonderfully simple. Can
> we say the same for PGP or S/MIME?  Or at least for an acceptable cert
> mechanism?

The problem is that the majority market is not willing to compromise much 
in the way of usability in order to attain security (and rightly so, IMHO). 
And there are only two security user interfaces that have proven to be 
widely deployable: username/password entry forms and smart cards that "just 
work" like house keys or car keys.  I predict that any public-key scheme 
which fails to present one of those two user interfaces as the default user 
interface in the majority of products will be a failure in the general 
market.

> SASL is popular.  Would that we could have such a security negotiation
> framework for store-and-forward object security.  Alas, trying to
> "negotiate" in store and forward is rather difficult, as the
> email-based use of CONNEG is demonstrating.

Be aware that SASL does not solve the problem of "mandatory-to-implement 
interoperable security that's better than unencrypted plaintext passwords". 
I worked for years to determine the best answer to that problem, and came 
up with two reasonable options: TLS+plaintext passwords and DIGEST-MD5 (the 
market leans heavily towards the former, but the latter does offer a useful 
cheap alternative and the combination of both is interesting).

What makes SASL popular is there are so many connection-based 
authentication mechanisms (most of which can be presented as a 
username/password entry form) which provide valuable tradeoffs, that the 
abstraction layer is vital.  I'd say all of the following SASL mechanisms 
have characteristics that make them worth using in some scenarios: PLAIN, 
DIGEST-MD5, CRAM-MD5, OTP, Kerberos, SRP, SecureID.  Plus it would be 
possible to develop a few more that would also fill useful market niches.

> But SASL is not just a negotiation framework.  It is a common
> representation framework.  Would it help to have that for MIME?
>
> Oh.  We do.  That's what Multipart MIME Security was intended to be.
> The problem is that it isn't used much or at all by the two standards.

I'm somewhat dubious of the value of Multipart MIME Security.  Because 
object-security is most useful in an enviornment where negotiation is not 
an option, the number of useful fundamental mechanisms I can think of ends 
up in the 2-3 range rather than the 8-12 range.

> The other is to revive the simple PKI effort, to get a basic mechanism
> that supports only a core set of cert functionality -- rather than the
> cornucopia of policies that have been pursued -- and that scales but
> is real, real easy to use.

A major problem is that the customers who pay real money for 
top-of-the-line object security have already choosen S/MIME and have little 
interest in any alternative.  That leaves most large companies with no will 
to expend resources on the larger problem of deployable object security.

While it would be entertaining to try a 4th attempt at application-level 
object security (preferably this time with more input from application 
experts and less from security purists), I think the odds of succeeding 
have decreased significantly since the last 3 attempts.  If you really 
wanted to pursue this direction, here's what I think it would take to 
succeed:
1) Really good open-source implementations with free-for-commercial use 
license, at least one in C and one in Java.
2) Transition strategy from existing PKI systems that works and is included 
in 1.
3) A really good spec, that includes good discussion about user interface 
requirements and how to deploy the system into an untrained average user 
community (likely involving automatic fetching of generated private keys 
over the Internet using TLS and a username/password pair).
4) A major vendor or consortium backing the effort with enough clout to get 
the attention of the trade rags.

Of these, 1 and 2 are just plain hard, 3 goes against IETF traditions 
enough that I think the IETF would be the wrong standards group to do this 
in, and 4 may be nearly impossible in the current business climate.

                - Chris
Received on Friday, 8 November 2002 14:48:22 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 July 2018 13:05:40 UTC