Chapter 5. OpenPGP and S/MIME

In this chapter:

  • An Extremely Brief Introduction to Security Concepts

  • An Overview of OpenPGPand S/MIME

  • Combining Security and MIME

  • The OpenPGP Format

  • The S/MIME Format

As the Internet grows to reach a mass audience, it is put to new uses. Electronic mail has emerged as a fundamental enabling technology for personal messaging. Important among these new uses are personal data interchange (PDI) and electronic commerce. Email may be used to communicate and authenticate one’s desires (ecommerce) or rapidly exchange formatted directory information (PDI). This chapter looks at options for securing email so that it may better support electronic commerce. The next chapter will discuss the first of these endeavors likely to become standard: the vCard PDI format.

Several of these emerging standards are being addressed and assisted by the Internet Mail Consortium (IMC), an industry body that promotes email-related standards and the broader uses of email for new activities. IMC members include the usual messaging crew: IBM, Microsoft, Netscape, Sun, Nokia, Qualcomm, and many others.

The road to secure email has been a hard one. There have been several proposals, such as Privacy Enhanced Mail (PEM, described in RFCs 1421–1424) and the MIME Object Security Services (MOSS, described in RFC 1848). Both of these were proposed Internet standards that were not widely adopted by industry.

There are currently two competing approaches to secure email, OpenPGP (based on the popular ...

Get Programming Internet Email now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.