X.400 has security defined; Internet Mail has PGP, PEM and MOSS

My belief is the following:

The state of X.400 security

The X.400/88 standards added security to X.400; everyone knows that.

What is not immediately obvious is that what was added was a framework for security; it defined the concept of a "security label" and allowed you to use an OID for identifying your security labelling scheme, but no labelling scheme was actually specified.

In a similar vein, there was room for a lot of algorithm identifiers to achieve message integrity, message confidentiality, non-repudiation of origin, non-repudiation of delivery, non-repudiation of receipt and so on - but the actual algorithm identifiers, key lengths and key management schematics were not defined.

This state of affairs has of course led to the development of profiles detailing the way these features are to be used in contexts that need them; I suspect that one of the more complete ones is the one used by NATO for their E-mail (perhaps NATO STANAG 4406), but I've never seen it, so I don't know.
(BTW, the US military created a completely different scheme, which was supposed to work across the SMTP/X.400 boundary, but was incompatible with the X.400-defined security functions. I don't know much more about it than this.)

At the moment, I know of two systems (the Alcatel one and one from Siemens Nixdorf) that claim to offer X.400 security; there may be more; I don't know if they interoperate.

The state of Internet security

The Internet operates mostly according to a very open model: "First get it working, then use it, then yell at those who abuse it, then think about security".
This process gets working services fast, can be noisy at times, and doesn't exactly encourage security as a designed-in component.
Nonetheless, there is some progress in the area of Internet mail security.

The first thing the Internet community did (more or less) was to abandon the idea of a system where security requires control over the whole network. Internet security services today fall mainly into two areas:

  1. Firewall services, that ascertain that only a limited amount of interaction can occur between what's "inside" and what's "outside".
  2. End-to-end services, where the security depends only on the security of the endpoints, and not on the security of the intervening network.
The last model is the one that has been seen as most appropriate for E-mail.

The first attempt, starting in the Internet Research Task Force, was Privacy Enhanced Mail (PEM). Its RFCs, published in February 1993, defined a format for encrypted and signed mail that could be used in conjunction with a global certification hierarchy rooted at the Internet Policy Registration Authority (IPRA).

Unfortunately, lots of time was lost in dealing with the underlying assumption that X.500 would be the directory service; IPRA was finally online in 1994 (CHECK THIS!), nobody seemed to want to use it. Another development, MIME, didn't sit too well together with PEM; the confusion about this helped slow PEM's takeoff.

The second attempt was Pretty Good Privacy (PGP), which was the effort of a single person, Phil Zimmermann, who wrote a really good E-mail encryption program with a lousy user interface that could be used on both DOS and UNIX platforms, without any underlying "hierarchy"; instead, it was based on a "web of trust" model, which works fine in communities on the order of a few thousand members, and hasn't broken down completely yet.
He earned global fame as well as the honor of being investigated for various crimes, including using the well-documented RSA cryptoalgorithm without using the patent-owner's legally available implementation of it (RSAREF) and the possible breach of rules governing the export of crypto software from the US (ITAR) that must have occured when copies of PGP showed up outside the US.

He has since settled the conflict about PGP, but the US government is continuing its investigation into his relationship with possible breaches of ITAR. See any PGP Web page for more info.

Nonetheless, PGP is available all over the world, free for non-commercial purposes, at a price in the US for commercial purposes, and is documented by its implementation. It, too, has problems in relating harmoniously to MIME.

The third effort to provide E-mail security on the Internet was also carried forward in the PEM group; it has now resulted in two RFCs, RFC 1847 and 1848, published in October 1995; one (Security multiparts, RFC 1847) defines a general way of providing security services that harmonize with MIME, the other (MIME Object Security Services, or MOSS, RFC 1847) specifies how to use these security services with a public key cryptosystem as the basis; PEM certificates are supported as one possible way of handling public keys.
Two implementations of this exist that I know of; one (TIS/MOSS 7.1) is freely available inside the US, I don't know the conditions of the other (ISODE Consortium) at the moment. They are know to interoperate.

The services offered by MOSS are much fewer than those provided by X.400 (88) security services; it offers only message encryption and message authentication, plus certificate transfer formats. No attempt to provide security of an E-mail transaction in itself is done at all; no attempt to provide nonrepudiation services or proof-of-delivery services is made.

An effort is underway (draft-elkins-pem-pgp-01.txt, at the moment of writing) to use the RFC 1847 security multiparts to support messages encrypted with PGP, providing at least a common means of hiding the "cyberjunk" of signatures from those who don't care about them.

In summary, the state of secured E-mail in the Internet is:

The UK academic community's networking company, UKERNA, has started an effort to deploy PGP on the scale of one million users; the Netherlands academic network (SURFnet) is doing the same, and others are watching with great interest. At the same time, the EU 4th framework program is pushing the "ICE" project, which, among other things, is supposed to establish a certification hierarchy based on the same base standards as used in PEM and MOSS.

(Note that other recent developments, namely RFC 1825-1829, provide what the Internet community believes to be effective protocols for encrypting or authenticating traffic at the IP protocol layer. Key management is being addressed in ongoing work. This may sooner or later turn into tools for authenticating network connections in an open manner)

Last modified: Mon Aug 25 09:29:22 1997