By Dan Backman
In the Bible, the story of the Tower of Babel tells of a complex system that falls apart from lack of communication. A city sought to build a tower to heaven, but was rewarded for its presumption by a curse: Everyone was doomed to speak a different language. Their communication hindered construction and the project became unmanageable. Besides being an interesting explanation for the existence of a multitude of languages, this tale is a suitable analogy for the current state of standards-based secure e-mail.
Today's Tower of Babel, the Internet, supports th
e lofty goal of global communications--but escapes the curse through strict adherence to standards. Blessed by the IETF, these standard protocols are scripture, forming a solid foundation for global interoperability. But fledgling standards remain on shaky ground for building an enterprise solution before they can be cannonized.
 To view the Report card.
Although proprietary enterprise messaging systems deliver various forms of security, each falls short when exchanging messages with the rest of the world. Standards-based mail, such as X.400-, SMTP- and MIME-based systems, deliver near-guaranteed interoperability, but provide few enhanced services, focusing mainly on simple message delivery. These mail systems are finding growing support in the enterprise because of their guaranteed interoperability. However, they offer few provisions for privacy or protection against tamp
ering.
S/MIME (Secure MIME) is not a new standard, but recent support from Microsoft Corp. and Netscape Communications Corp. brings it to the forefront of secure messaging. Promising increased integrity and security through the use of public key encryption systems, S/MIME is still a de facto standard organized by RSA Data Security and has yet to be blessed by the IETF.
Intrigued by S/MIME's promise of secure and centrally manageable, standards-based e-mail for the enterprise, we tested five S/MIME products in Network Computing's Syracuse University labs. Representing the latest generation of Web-browser integrated messaging clients are Microsoft's Outlook Express (a part of the Internet Explorer 4.01 suite) and Netscape's Messenger (Communicator 4.04). OpenSoft Corp.'s ExpressMail 2.5 is a standalone Internet mail client with S/MIME support. Baltimore Technologies' MailSecure and Worldtalk Corp.'s WorldSecure Client 2.2 add S/MIME capabilities by plugging into existing mail clients, such as Microsoft's
Exchange and Outlook or QUALCOMM's Eudora Pro.
Caveat Enterprise
Evaluating S/MIME as an enterprise solution was an eye-opening experience. We found some level of interoperability problems with every S/MIME product. Surprisingly, no product could successfully send and receive signed or encrypted messages for every one of its peers. Likewise, there were two disparate and incompatible certificate enrollment strategies (Web versus MIME-encoded messages) and two different S/MIME encoding formats (see "The Choice Is Clear," at www. Network Computing.com/902/902r2. html)--plus various hashing and encryption algorithms.
|
|
|
|
S/MIME Client Features and Interoperability matrix
, in Acrobat format.
Other Reviews
FRADs Make Sound Sacrifices to Get the Data Through
By Jeff Newman
The Messaging Choice Is Clear
By Dan Backman
Related Links
Secure Electronic-Mail: Return To Sender?
WorldSecure Server Combats E-Mail Plagues
IMAP And POP Mailers Make E-Mail Easy
|
our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at 
REPORTS
ANALYTICS
Follow 
