Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

November 10, 1997, Section: News

RSA's S/MIME migrates to enterprise

By Charlotte Dunlap

San Francisco -- RSA Data Security Inc. is on a mission to infiltrate its secured E-mail technology beyond the mission-critical enterprises and into the industry.

One month before the security kingpin is hoping to establish an Internet Engineering Task Force S/MIME working group, RSA is aggressively rallying vendors to push the secured E-mail technology to corporate enterprises.

S/MIME and encrypted E-mail message capabilities typically are viewed as technology for the financial and government communities conducting top-secret communications.

Now RSA, based in Redwood City, Calif., is trying to show VARs and corporations that the S/MIME technology is simple enough and affordable enough to implement into mainstream enterprise systems.

S/MIME and other E-mail technologies enable E-mail messages to include digital signatures, which verify who the sender is, and encryption, which allows only the proper receiver to decrypt the message.

S/MIME has not automatically been ushered into the industry, however.

Although the security specification is widely viewed as a de facto standard, integrated into the client applications of major computer vendors including Microsoft Corp. and Netscape Communications Corp., controversy has risen over the fact that RSA charges licensing fees for its technology.

RSA, therefore, is aiming to prove to the IETF it can not turn its back on a specification that is widely used in the industry.

One MIS manager from Wells Fargo Bank said her company was backing S/MIME despite the licensing fees.

"We don't like having to pay for anything, but because security is our No. 1 motivation and there are no other acceptable standards now, we don't mind," she said.

A slew of vendors, including VeriSign Inc., have launched programs this month based around a promotion called "Get S/MIME."

These vendors are offering users 30-day free trials in an effort to spur interest.

RSA also said it is integrating S/MIME with the government's secured E-mail specification, Message Security Protocol.

"E-mail is the killer application of the Internet," so secured E-mail has the potential of also becoming the killer application of the Internet, RSA President and Chief Executive Jim Bidzos said.

S/MIME also is being integrated into applications that do not require a Web browser.

Some vendors, particularly from Japan, are integrating the security specification into applications supporting audio and multimedia such as photographs, so nontext communications also may attach digital signatures.

VeriSign also outlined what it calls the first LDAP (lightweight directory access protocol)-compliant certificate directory service, which is implemented via its integration with Web browsers.

VeriSign also just announced a Web-based public Digital ID directory service that works with any LDAP-enabled E-mail client, allowing users to locate another person's Digital ID directly through their Netscape Messenger or Microsoft Outlook E-mail applications.

Another directory vendor, Worldtalk Corp., announced in September its own directory product, called NetTalk. The company is planning a global version of the directory service in 1998.