November 10, 1997
Push For Net Standard
Group works toward adoption of S/MIME
S/MIME uses an algorithm to encrypt and decrypt Internet messages, including E-mail, electronic data interchange, and push-technology messages. The protocol also enables the exchange of digital signatures-pieces of code that verify the identity of the people who send them. Microsoft and Netscape Communications support S/MIME 2 in the 4.0 versions of their browsers, making the technology available to millions of potential users.
Companies such as Wells Fargo hope to transact secure electronic commerce with those users. The San Francisco bank now swa
ps data with large business customers via EDI over value-added networks. But the cost of EDI on leased lines is too high to justify low-volume transactions with medium and small businesses.
So the bank is considering S/MIME for EDI transactions with smaller customers and to secure cash-management applications such as home banking.
The largest hurdle to deploying S/MIME has been interoperability, according to Rita Perez, VP of EDI at Wells Fargo. "We'd like to reach everyone. But we need all the vendors involved so we can deploy at a certain level," she says. The bank wants to be sure all its customers use one, interoperable security protocol.
In Need Of Support
More vendors may support S/MIME once the IETF appr
oves the protocol, especially since an approved version wouldn't rely on proprietary technology. S/MIME 2, the current version, relies on the digital signature algorithm of RSA Data Security Inc., but the next version will be based on freely available algorithms. "The IETF has a very strong bias toward making standards on nonproprietary technologies," says Jeff Schiller, director of the security area for the IETF.
Since U.S. vendors wouldn't have to buy licenses from RSA, more are likely to support S/MIME, says Paul Hoffman, director of the Internet Mail Consortium, an industry group whose members include Netscape, Microsoft, Lotus, and Qualcomm.
Hoffman says he will ask members to commit to a protocol by the end of this year in hopes of establishing an interoperable standard. "We really want our members to coalesce on this," he says, "because it's taken too long."
formal group within the Internet Engineering Task Force will meet for the first time next month to work toward making the S/MIME protocol a standard for secure Internet messaging. A standard protocol will drive widespread adoption of secure, lower-cost Internet messaging among businesses and consumers, industry observers say.
Support for S/MIME 2 in the Microsoft and Netscape browsers helps, Perez says, but other vendors haven't gotten on board. Qualcomm Inc., for example, ships its popular Eudora E-mail client with support for the Pretty Good Privacy protocol, which is incompatible with S/MIME.
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
