As the Internet grows to reach a mass audience, it is put to new uses. Electronic mail has emerged as a fundamental enabling technology for personal messaging. Important among these new uses are personal data interchange (PDI) and electronic commerce. Email may be used to communicate and authenticate one’s desires (ecommerce) or rapidly exchange formatted directory information (PDI). This chapter looks at options for securing email so that it may better support electronic commerce. The next chapter will discuss the first of these endeavors likely to become standard: the vCard PDI format.

Several of these emerging standards are being addressed and assisted by the Internet Mail Consortium (IMC), an industry body that promotes email-related standards and the broader uses of email for new activities. IMC members include the usual messaging crew: IBM, Microsoft, Netscape, Sun, Nokia, Qualcomm, and many others.

The road to secure email has been a hard one. There have been several proposals, such as Privacy Enhanced Mail (PEM, described in RFCs 1421–1424) and the MIME Object Security Services (MOSS, described in RFC 1848). Both of these were proposed Internet standards that were not widely adopted by industry.

There are currently two competing approaches to secure email, OpenPGP (based on the popular Pretty Good Privacy encryption freeware) and S/MIME (based on RSA technologies and X.509 certificates). OpenPGP is Qualcomm’s choice for Eudora, while Netscape has implemented S/MIME.

This chapter attempts to show the directions that these two proposals are taking, including their message formats. Similarities between the two are shown where they exist, but it should be clear that the proposals were not designed to interoperate. Since no Internet standard has yet been adopted, we will give an introduction to both, accepting that a true standard may be a long time in coming in this volatile segment of the industry.

There is no way to discuss all of the cryptographic details of either proposal in a short chapter, and we won’t try. Instead, anyone interested in that level of detail will have to review the draft IETF proposals available on the Web. (See the IMC’s site at http://www.imc.org/.) This chapter will focus on the format of S/MIME and OpenPGP messages so that those readers interested in creating or parsing email messages can recognize and, to some degree, interpret these formats.