The following is an interesting collection of data about the differences between OpenPGP (used by Enigmail) and S/MIME (the system automatically included with Thunderbird, Outlook Express etc.)
S/MIME vs OpenPGP
On this page we discuss the difference between S/MIME and OpenPGP, and explain why you might want to choose OpenPGP instead of S/MIME.
Security services can be added to a communication link along a path, or can be wrapped around the data being sent, so that it is independent of the communication mechanism. This latter approach is often called "end-to-end" security and it has become a very important topic for users.
The two basic features of this type of security are privacy (only the intended recipient can read the message) and authentication (the recipient can be assured of the identity of the sender). The technical capabilities for these functions has been known for many years, but they have only been applied to Internet mail recently.
There are currently two actively proposed methods for providing end-to-end security: S/MIME and PGP (both in its early incarnation as PGP/MIME, and as the new OpenPGP standard). Other protocols have been proposed in the past (most notably PEM and MOSS), but they did not garner much interest in the market. However, many major Internet mail vendors have begun to ship products using S/MIME, PGP/MIME, and OpenPGP.
About the Protocols
These services typically include authentication of the originator and privacy for the data. They can also provide a signed receipt from the recipient. At the core of these capabilities is the use of public key technology and large-scale use of public keys requires a method of certifying that a given key belongs to a given user.
Although they offer similar services to users, the two protocols have very different formats. Further, and more important to corporate users, they have different formats for their certificates. This means that not only can users of one protocol not communicate with the users of the other, they also cannot share authentication certificates. The difference between the two protocols is similar to the differences between GIF and JPEG files: they both do basically the same thing for end users, but thir formats are very different.
S/MIME was originally developed by RSA Data Security, Inc. It is based on the PKCS #7 data format for the messages, and the X.509v3 format for certificates. PKCS #7, in turn, is based on the ASN.1 DER format for data.
PGP/MIME is based on PGP, which was developed by many individuals, some of whom have now joined together as PGP, Inc. The message and certificate formats were created from scratch, and use simple binary encoding. OpenPGP is also based on PGP.
S/MIME, PGP/MIME, and OpenPGP use MIME to structure their messages. They rely on the multipart/signed MIME type that is described in RFC 1847 for moving signed messages over the Internet. A single mail client could conceivably accept and send both formats.
Current Status
There has been a great deal of confusion in the press (and even within the IETF) about the status of S/MIME v2, S/MIME v3, PGP/MIME, and OpenPGP. People outside the IETF seem to get particularly concerned with the IETF process and the status of a technology in the IETF, even though IETF participants are quite used to having things be a bit nebulous in the IETF.
Status of S/MIME
S/MIME's initial version developed by a private consortium of vendors. S/MIME v2 had achieved wide adoption throughout the Internet mail industry. Most implementors have created their software using various drafts of the S/MIME v2 protocol that have been circulated in the IETF. The parts of the S/MIME v2 protocol are:
* S/MIME Version 2 Message Specification (RFC 2311)
* S/MIME Version 2 Certificate Handling (RFC 2312)
* PKCS #1: RSA Encryption Version 1.5 (RFC 2313)
* PKCS #10: Certification Request Syntax Version 1.5 (RFC 2314)
* PKCS #7: Cryptographic Message Syntax Version 1.5 (RFC 2315)
* Description of the RC2 Encryption Algorithm (RFC 2268)
All of these RFCs are informational RFCs. It is important to note that S/MIME v2 is not an IETF standard. S/MIME v2 requires the use of RSA key exchange, which was previously encumbered by U.S. patents held by RSA Data Security, Inc.; further, S/MIME v2 requires the use of weak cryptography (40-bit keys). Both of these issues have prevented the protocol from being accepted as an IETF standard as well.
The current work on S/MIME is being done in the IETF's S/MIME Working Group. S/MIME v3 was made a standard in July, 1999. The charter for the S/MIME WG describes the current work being done. The S/MIME WG has a web page hosted by IMC.
The S/MIME v3 standard consists of five parts:
* Cryptographic Message Syntax (RFC 3852)
* Cryptographic Message Syntax (CMS) Algorithms (RFC 3370)
* S/MIME Version 3.1 Message Specification (RFC 3851)
* S/MIME Version 3.1 Certificate Handling (RFC 3850)
* Diffie-Hellman Key Agreement Method (RFC 2631)
An additional protocol, Enhanced Security Services for S/MIME (RFC 2634), is a set of extensions to S/MIME to allow signed receipts, security labels, and secure mailing lists. The first two of these extensions will work with either S/MIME v2 or S/MIME v3; secure mailing lists will only work with S/MIME v3.
A freeware S/MIME v3 toolkit is now available in pre-release form. See the toolkit home page for more information.
The S/MIME certificate structure is based on work being done in the IETF's PKIX Working Group. S/MIME developers should probably be familiar with the work being done in that Working Group.
Status of PGP/MIME and OpenPGP
Earlier versions of PGP have been deployed and used since the early 1990s. PGP/MIME has been adopted by some important players in the Internet mail industry. Implementations of PGP/MIME are based on two RFCs:
* RFC 2015, MIME Security with Pretty Good Privacy
* RFC 2440, OpenPGP Message Format
The current work on PGP/MIME is being done in the IETF's OpenPGP Working Group. The charter for the OpenPGP WG states clearly that the purpose of the group is to create protocols based on PGP that can become IETF standards. The OpenPGP protocol, which is on the IETF standards track, is described in OpenPGP Message Format, RFC 2440, which is being revised by draft-ietf-openpgp-rfc2440bis. The MIME wrapping for OpenPGP is described in MIME Security with Pretty Good Privacy, RFC 3156. The OpenPGP WG has a web page hosted by IMC.
Differences and Commonalities Between S/MIME v3 and OpenPGP
S/MIME v3 and OpenPGP are both protocols for adding authentication and privacy to messages. However, they differ in many ways, and are not designed to be interoperable. Some cryptography algorithms are the same between the two protocols, but others differ.
S/MIME and OpenPGP are both secure and tested methods of protecting data. The primary difference between the two methods of protection is how they are implimented for the end user.
S/MIME requires certifcates, and this requires the existence of a third-party certificate service such as Thawte. OpenPGP, on the other hand, is based on individually determined levels of trust. If someone sends you a key, and you trust it, you can communicate with this person. There is no third party involved.
The trusted third parties in S/MIME are both an advantage and disadvantage when we consider the security model. The advantage of the existence of the third party certification server is that individual users are throughly audited by the certifier before their identity is determined. The disadvantage is that you need to trust the third party certification server to do their job.
In today's world, when there is a lack of trust even in structures like the North Atlantic Treaty Alliance, third party trust is not a viable worldwide encryption model. Peer-authentication allows users far more control over the security networks they inhabit. For this reason OpenPGP is more practical as a security method for both companies and goverments who need to keep email private.
Much of the text for this post came from the Internet Mail Consortium, and has been used here with the kind permission of Paul Hoffman, the Director. It is worth noting that the IMC did not use this text to promote OpenPGP instead of S/MIME,but just to compare the two methods. We've added additional text to explain why we think you should choose OpenPGP, and Enigmail OpenPGP in particular.
The IMC page on this subject is at http://www.imc.org/smime-pgpmime.html.