RSS
  Secure E-Mail Clients: Not Quite Ready For S/MIME Prime Time. Stay Tuned. |
By Dan Backman
In the Bible, the story of the Tower of Babel tells of a complex system that falls apart from lack of communication. A city sought to build a tower to heaven, but was rewarded for its presumption by a curse: Everyone was doomed to speak a different language. Their communication hindered construction and the project became unmanageable. Besides being an interesting explanation for the existence of a multitude of languages, this tale is a suitable analogy for the current state of standards-based secure e-mail. Today's Tower of Babel, the Internet, supports th e lofty goal of global communications--but escapes the curse through strict adherence to standards. Blessed by the IETF, these standard protocols are scripture, forming a solid foundation for global interoperability. But fledgling standards remain on shaky ground for building an enterprise solution before they can be cannonized.
S/MIME (Secure MIME) is not a new standard, but recent support from Microsoft Corp. and Netscape Communications Corp. brings it to the forefront of secure messaging. Promising increased integrity and security through the use of public key encryption systems, S/MIME is still a de facto standard organized by RSA Data Security and has yet to be blessed by the IETF. Intrigued by S/MIME's promise of secure and centrally manageable, standards-based e-mail for the enterprise, we tested five S/MIME products in Network Computing's Syracuse University labs. Representing the latest generation of Web-browser integrated messaging clients are Microsoft's Outlook Express (a part of the Internet Explorer 4.01 suite) and Netscape's Messenger (Communicator 4.04). OpenSoft Corp.'s ExpressMail 2.5 is a standalone Internet mail client with S/MIME support. Baltimore Technologies' MailSecure and Worldtalk Corp.'s WorldSecure Client 2.2 add S/MIME capabilities by plugging into existing mail clients, such as Microsoft's Exchange and Outlook or QUALCOMM's Eudora Pro. Caveat Enterprise Evaluating S/MIME as an enterprise solution was an eye-opening experience. We found some level of interoperability problems with every S/MIME product. Surprisingly, no product could successfully send and receive signed or encrypted messages for every one of its peers. Likewise, there were two disparate and incompatible certificate enrollment strategies (Web versus MIME-encoded messages) and two different S/MIME encoding formats (see "The Choice Is Clear," at www. Network Computing.com/902/902r2. html)--plus various hashing and encryption algorithms.
|
|
|
|
S/MIME Client Features and Interoperability matrix
, in Acrobat format.
FRADs Make Sound Sacrifices to Get the Data Through By Jeff Newman The Messaging Choice Is Clear By Dan Backman Secure Electronic-Mail: Return To Sender? WorldSecure Server Combats E-Mail Plagues IMAP And POP Mailers Make E-Mail Easy |
|||||||||||||||
our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at 
To view the Report card.
|
|
 |
|
|
