Ägypten with S/MIME and OpenPGP

Jan Petranek jan.petranek@student.uni-tuebingen.de
Thu Oct 25 18:54:01 2001


On Fri, 19 Oct 2001, Jan-Oliver Wagner wrote:

> Date: Fri, 19 Oct 2001 14:02:05 +0200
> From: Jan-Oliver Wagner <jan@intevation.de>
> To: gpa-dev-list <Gpa-dev@gnupg.org>
> Subject: Re: Ägypten with S/MIME and OpenPGP
>
> Dear Jan,
>
> On Fri, Oct 19, 2001 at 12:30:59PM +0200, Jan Petranek wrote:
> > on the web site of the Ägypten project it is mentioned that Ägypten (that
> > is, GnuPG) aims to be able to read S/MIME-formatted mails, certificates
> > and so on as well as the OpenPGP format. As far as I know GPG, this also
> > means support for the old PGP 2.6.x format (well, in some limited way).
> >
> > How far has the implementation of the S/MIME come now?
>
> the aim of the Ägypten project is to sphinx-enable free software
> MUAs. S/MIME is one important element.
>
> We are currently in the process of making up a detailed design
> of how the solution might look.
> It is updated regularly at the Ägypten homepage for open discussion.

My interest lies more in the issue of how implementing both (OpenPGP and
S/MIME) formats would affect public-key infrastructures. Up to now, it
looks like this:

Alice -------------< OpenPGP - Certificate > -------------  Bob

Charlie -----------< S/MIME -Certificate >----------------- Dora

While Alice and Bob are able to communicate, neither of them can reach Charlie
and Dora, who are using S/MIME, unless Alice uses two different MUAs, one
for S/MIME and one for OpenPGP. So the PGP and the S/MIME world exist
separately from one another.

If we take keyservers into account, the picture looks like this:

Alice --< OpenPGP > --- [OpenPGP-Keyserver]---<OpenPGP>-------  Bob

Charlie -<S/MIME>-------[S/MIME-Keyserver]----<S/MIME>------- Dora

The keyserver might also be part of a CA, confirming that the key (n, e)
really belongs to Alice.

Say you finish the job and bring both OpenPGP and S/MIME to GnuPG. Alice,
using that software (I'd like to call it a dual MUA or 2MUA), would
generate her own keypair - say she uses RSA, so she has the numbers n, d,
and e. She uses e and n (the public key material) to form an
OpenPGP certificate. With the same program and key material, she makes an
S/MIME certificate. The situation looks like this now:


        |-< OpenPGP > --- [OpenPGP-Keyserver]---<OpenPGP>-------  Bob
Alice --|
[2MUA]  |
        |-<S/MIME>-------[S/MIME-Keyserver]----<S/MIME>------- Dora

Now, from Alice's view, the PGP and the S/MIME world work hand in hand. The
only trouble is having 2 different keyservers to maintain. That shouldn't
be that hard. However, if the keyserver also uses both formats, this could
ease the task of tracking the keys.
In the case of a CA, both keys would also have to be signed.

        |-< OpenPGP > --|                      |--<OpenPGP>-------  Bob
Alice --|               |--[ Dual Keyserver ]--|
[2MUA]  |               |                      |
        |-<S/MIME>------|                      |--<S/MIME>------- Dora


In case Bob also uses a dual MUA, this would be no trouble for him:

        |-< OpenPGP > --- [OpenPGP-Keyserver]---<OpenPGP>----|      Bob
Alice --|                                                    |---- [2MUA]
[2MUA]  |                                                    |
        |-<S/MIME>-------[S/MIME-Keyserver]----<S/MIME>------|

He would now only have to choose which format to use. His 2MUA, however,
should realise that Alice has sent her key (same person, same numbers) in
both formats. That should mean she can communicate in either format.

> We haven't coded much at this point, but it is an essential
> idea to review existing code and if its quality is good, tie
> it together with other elements. Where no code is available
> we of course must write it on our own unless someone likes
> to participate.

Sorry, but up to now I'm too lousy at C programming to be helpful for
trusted applications :( (However, I'm learning...)

JanP

PS: Should this be the wrong place for this quite general discussion,
feel free to haunt me and point me to an appropriate list.
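The check that the 2MUA described above would need, added here as an example and not code from this thread or from the Ägypten project: it parses the two encodings of one RSA public key, the OpenPGP v4 public-key packet (RFC 4880, old-format header with a two-octet length only) and the DER RSAPublicKey structure carried inside an X.509 certificate as used by S/MIME, and reports whether both hold the same (n, e). The packet builders and the toy values N and E are constructed for the example; it uses only the Python standard library.

```python
# Added example, not from the thread. N and E are constructed toy values, not a real key.
import hashlib

N, E = (1 << 1023) | 12345, 65537   # 1024-bit modulus with the top bit set, e = 65537
def _mpi(x):  # OpenPGP MPI (RFC 4880 3.2): 2-octet bit length, then the big-endian value
    return x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")
def openpgp_rsa_pubkey_packet(n, e, created=0):
    """Tag-6 packet: old-format header 0x99 + 2-octet length, v4 body, algorithm 1 = RSA."""
    body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + _mpi(n) + _mpi(e)
    return b"\x99" + len(body).to_bytes(2, "big") + body
def parse_openpgp_rsa(packet):
    """Return (n, e, v4 fingerprint) from a packet built as above."""
    length = int.from_bytes(packet[1:3], "big")
    body = packet[3:3 + length]
    assert packet[0] == 0x99 and body[0] == 4 and body[5] == 1, "not a v4 RSA public-key packet"
    pos, mpis = 6, []
    for _ in range(2):  # modulus n, then exponent e
        nbytes = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        mpis.append(int.from_bytes(body[pos + 2:pos + 2 + nbytes], "big"))
        pos += 2 + nbytes
    # v4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99, the 2-octet length and the body
    return mpis[0], mpis[1], hashlib.sha1(packet[:3 + length]).hexdigest().upper()
def _der_len(n):  # DER length: one octet below 128, else 0x80|k followed by k octets
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return lb if n < 128 else bytes([0x80 | len(lb)]) + lb
def _der_int(x):  # DER INTEGER is signed: prepend 0x00 when the top bit is set
    b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    b = b"\x00" + b if b[0] & 0x80 else b
    return b"\x02" + _der_len(len(b)) + b
def der_rsa_pubkey(n, e):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER } (RFC 3447 A.1.1)."""
    inner = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(inner)) + inner
def _tlv(buf, pos):  # read one DER tag/length/value at pos; return (tag, value, next pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length
def parse_der_rsa(der):
    tag, seq, _ = _tlv(der, 0)
    tag_n, n_bytes, pos = _tlv(seq, 0)
    tag_e, e_bytes, _ = _tlv(seq, pos)
    assert tag == 0x30 and tag_n == tag_e == 0x02, "not a DER RSAPublicKey"
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")
def same_key(pgp_packet, der):  # the check a dual MUA would run on Alice's two certificates
    n, e, _ = parse_openpgp_rsa(pgp_packet)
    return (n, e) == parse_der_rsa(der)
```

Matching (n, e) shows that the two certificates wrap the same key pair, not that the same person holds it; that binding still comes from whoever signed each certificate (the keyserver's CA in the diagrams above). The v4 fingerprint returned by parse_openpgp_rsa is the natural index under which a dual keyserver could store the pair.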