MASON ECE 646 - COMPARISON OF PGP AND S/MIME EMAIL SECURITY STANDARDS

This preview shows page 1-2-3-4-5 out of 16 pages.



COMPARISON OF PGP AND S/MIME EMAIL SECURITY STANDARDS FOR APPLICATION TO A LARGE ENTERPRISE

TOM KRAMLIK
ECE 590:003
MAY 1, 1999

TABLE OF CONTENTS

1. INTRODUCTION
   1.1 PURPOSE
   1.2 SCOPE
   1.3 DOCUMENT ORGANIZATION
2. PGP OVERVIEW
   2.1 CIPHERS AND ALGORITHMS USED
   2.2 PGP PUBLIC KEY CERTIFICATION HIERARCHY
   2.3 IMPLEMENTATIONS OF PGP
   2.4 STRENGTHS AND WEAKNESSES OF PGP
       2.4.1 OpenPGP Incorporation of X.509 Certificates
       2.4.2 Use of Non-proprietary Ciphers and Algorithms
       2.4.3 Compatibility with MIME
       2.4.4 Export and Import of PGP
       2.4.5 Free PGP
3. S/MIME OVERVIEW
   3.1 CIPHERS AND ALGORITHMS USED
   3.2 S/MIME PUBLIC KEY CERTIFICATION HIERARCHY
   3.3 IMPLEMENTATIONS OF S/MIME
   3.4 STRENGTHS AND WEAKNESSES OF S/MIME
       3.4.1 Use of Non-proprietary Standards
       3.4.2 Compatibility with MIME
       3.4.3 Incorporation in Commercial Communications Software
       3.4.4 Costs of Public Key Infrastructure
4. APPLICATION TO CORPORATE ORGANIZATIONS
   4.1 APPLICATION TO LESS THAN 100 USERS
   4.2 APPLICATION TO 1,000 USERS
   4.3 APPLICATION TO 5,000 TO 20,000 USERS
5. CONCLUSIONS

SECTION 1
INTRODUCTION

Competing standards are vying for dominance among users of electronic mail (email). Today, proponents of secure multipurpose internet mail extension (S/MIME) and pretty good privacy (PGP) are evolving these competing standards to capture a majority share of the corporate market for email products. This report provides a summary view of the competition and addresses which standard will likely win.

1.1 PURPOSE

This report provides a concise summation of the technical and market strengths and weaknesses of PGP and S/MIME that enables the reader to make an informed choice on which standard will become the de facto option. Further, the report can assist a reader who wishes to choose the best standard for an organization of a specific size.

1.2 SCOPE

This report considers the strengths and weaknesses of PGP and S/MIME for organizations ranging in size from under 100 users to 20,000 users. The specific ciphers, digital signatures, and certification schemes used are considered. Also, an overview of products using the competing standards is included.

1.3 DOCUMENT ORGANIZATION

The report contains 5 sections, including this one. Section 2 provides details on the PGP standard and implementations. Section 3 provides details on the S/MIME standard and implementations. Section 4 provides a comparison of the standards when applied to various size organizations. Section 5 contains conclusions about the potential for each standard.

SECTION 2
PGP OVERVIEW

Pretty good privacy (PGP) exists in several versions and has been evolving to meet the needs of larger organizations. Some industry experts are cited as estimating that 90-95 percent of all encrypted messages are encrypted with PGP. Pre-existing versions, including PGP 2.6.x, which has many variations, and PGP 5.x, also referred to as PGP3, have been used for several years. A new standard, OpenPGP, is based on PGP version 5.x and is being promoted for widespread use.

This section provides an overview of PGP with particular emphasis on the OpenPGP standard. The ciphers, digital signature algorithms, and hierarchy of public key certificates are discussed. Also, particular strengths and weaknesses of the standard are identified. Finally, products using the PGP standard are identified, along with the email software market representation of PGP.

2.1 CIPHERS AND ALGORITHMS USED BY PGP

OpenPGP uses three-key (168-bit total) triple DES (DES EDE3) in cipher feedback (CFB) mode. PGP also includes options for use of IDEA or CAST-128 with 128-bit keys. The move to triple DES in the development of OpenPGP is intended to free the standard from patent issues associated with the use of CAST-128.

OpenPGP provides for compression of email messages to speed transmission. Messages are compressed before encryption using the ZIP algorithm. This reduces the number of bits and the redundancy in the message, and makes the message more difficult to cryptanalyze than encryption alone. Message length is reduced by 50 percent using the ZIP algorithm.

OpenPGP uses the SHA-1 hash algorithm and the DSS signature algorithm for generating digital signatures. Older versions of PGP used the MD5 hash algorithm and RSA for signing, but as with CAST-128 this involved patent issues that the proponents of OpenPGP are attempting to avoid in promoting the new standard.

Table 2-1: Ciphers and Algorithms Used
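
An added example, not part of the original report, illustrating the compress-before-encrypt ordering described in section 2.1. It uses zlib's DEFLATE (the algorithm used by ZIP) and, as an assumption, a SHA-256 counter-mode keystream as a stand-in for triple DES in CFB mode; the message, key and function names are constructed for illustration.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), NOT triple DES.

    It models only the property that matters here: ciphertext looks random.
    XOR with the same keystream both encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def compress_then_encrypt(key: bytes, message: bytes) -> bytes:
    """Order described in section 2.1: compress first, then encrypt."""
    return keystream_xor(key, zlib.compress(message, 9))


def decrypt_then_decompress(key: bytes, blob: bytes) -> bytes:
    """Receiver side: undo the encryption, then undo the compression."""
    return zlib.decompress(keystream_xor(key, blob))


def encrypt_then_compress(key: bytes, message: bytes) -> bytes:
    """Reversed order, shown for comparison only."""
    return zlib.compress(keystream_xor(key, message), 9)


# Constructed sample message and key (not from the report).
MESSAGE = (
    b"From: alice@example.com\r\nTo: bob@example.com\r\n"
    b"Subject: Quarterly budget review\r\n\r\n"
    + b"The quarterly budget review is scheduled for Friday at 10:00. "
      b"Please bring the updated figures for your department.\r\n" * 8
)
KEY = b"constructed-demo-key-not-secret"

if __name__ == "__main__":
    good = compress_then_encrypt(KEY, MESSAGE)
    bad = encrypt_then_compress(KEY, MESSAGE)
    print("plaintext bytes:       ", len(MESSAGE))
    print("compress-then-encrypt: ", len(good))
    print("encrypt-then-compress: ", len(bad))
```

The reversed order gains nothing because the ciphertext has no redundancy left for the compressor to remove; the size reduction on any given message depends on how repetitive its content is.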

