PKI-lite S/MIME Email Clients Summary

Document: hepki-tag-pkilite-smime-clients-5.html 
Editor: James Jokl 
Date: April 9, 2002
Comments to: hepki-tag@internet2.edu

  Netscape 4.7 Messenger Mozilla Outlook Express 5.5/6.0 Outlook 2000 Windows Eudora with Tumbleweed plugin Windows Eudora with Entrust plugin Something on Macintosh other than Mozilla
S/MIME Version Compatibility   3 2 & 3   2 & 3    
Support for separate signing and encryption certificates   planned yes yes yes    
Supported signing hash algorithms     SHA-1 only SHA-1 and MD5 SHA-1 and MD5    
Supported encryption algorithms DES, 3DES, RC2 (40, 64, and 128 bit) DES, 3DES, RC2 (40, 64, and 128 bit DES, 3DES, RC2 (40 and 128 bit) DES, 3DES, RC2 (40 and 128 bit) DES, 3DES, RC2 (40, 64, 128, 255 bits)    
Sentmail folder encryption control   Messages in sendmail folder are encrypted Messages in sendmail folder are encrypted   Messages in outbox are clear text    
Decryption and folder storage     Messages stored in folders are encrypted   Messages stored in folders are encrypted    
LDAP directory support for certificate download Yes   Yes Yes Yes    
Enforces certificate / From: address mapping No Yes Yes Yes No    
Behavior of client when sig verification fails   indication of bad signature and indication of incomplete cert chain Big full-window click-through warning        
Supports user's ability to trust a received cert without needing to trust a whole CA hierarchy     yes yes      
Support for multiple users (more than one private key) on the same platform     yes yes      
Support for plugins such that S/MIME information (signature, etc) is available to the plugin              
               
Additional Information   Tech Info
Using S/MIME 		         
Client notes
  1. Single column for Netscape on all operating systems. We will split later if needed.
  2. Will let you send a signed message with certificate/From: line mismatch.
  1. Still in development
  2. User interface is unfinished
  3. Supports Unix, Windows, and Macintosh
  Client requires both a signing and an encryption certificate before it will enable S/MIME From: -- certificate address correspondence is not checked either in or out.