RSA News Release For information, contact: Patrick Corman or Lisa Croel Corman/Croel Marketing & Communications (415) 326-9648 or (415) 326-0487 Corman@cerf.net or Lcroel@mediacity.com FOR IMMEDIATE RELEASE Major Networking and Messaging Vendors Endorse Open Specification for Secure E-Mail S/MIME Based on RSA Public-Key Encryption Technology Redwood City, CA, July 24, 1995 -- A group of leading networking and messaging vendors, in conjunction with cryptography developer RSA Data Security, today endorsed a specification that will enable encrypted messages to be exchanged between e-mail applications from different vendors. The specification -- Secure/Multipurpose Internet Mail Extensions (S/MIME) -- will allow vendors to independently develop interoperable RSA-based security for their various e-mail platforms, so that an S/MIME message composed and encrypted on one vendor's application can be decrypted on another. S/MIME is based on the popular Internet MIME standard (RFC 1521). This standard provides a general structure for the content type of Internet mail messages and allows extensions for new content type applications, such as security. Major vendors endorsing the S/MIME secure interoperable e-mail plan include: Microsoft, Lotus, Banyan, VeriSign, ConnectSoft, QUALCOMM, Frontier Technologies, Network Computing Devices, FTP Software, Wollongong, SecureWare and RSA Data Security. Several of these vendors plan to release S/MIME-compliant products this quarter. While sophisticated encryption and authentication technology has been viewed as a crucial enabling technology for electronic commerce over the World Wide Web, only a few e-mail packages offer security. "Commercial e-mail packages have not offered encryption until now because there have been few open security specifications," said Jim Bidzos, president of RSA. "Internet Privacy-Enhanced Mail (PEM) is excellent for text-based messages. MIME represents the next generation, and has been widely adopted because of its ability to handle nearly any content type. The new S/MIME allows you to secure this rich content." Support for the S/MIME specification announced today has also come from other industry leaders. "We fully expect S/MIME to be the de-facto standard for vendor- independent e-mail encryption," said Bob Dickinson, vice president and general manager of ConnectSoft's Consumer Online Products and Services Division. "Solid encryption is something that our customers have been asking for. Until now, we didn't have a viable option. S/MIME gives them everything they want: RSA encryption, digital signatures, and the ability to mix different vendors' e-mail systems without losing that security." "Network Computing Devices is commited to answering market demand for network information access software providing an even higher level of protection and interoperability over LANs and across the Internet," said Mike Harrigan, co-founder and vice president of NCD. "S/MIME will further enhance our customers' ability to utilize our e-mail solution, Z-Mail, and Internet navigation software tool, Mariner, in such a secure networked environment. For this reason we fully intend to support the specification provided by S/MIME within the next quarter." "VeriSign is pleased to announce support for the S/MIME specification. This will be an exciting catalyst for the rapid deployment of secure, interoperable e-mail from most of the industry leaders," said Web Augustine, VeriSign vice president of marketing and business development. "VeriSign is committed to making our Digital ID services available to all companies that implement S/MIME and desire to work with a trusted third-party to certify public keys for their end-users." "Frontier Technologies believes that in the future, most companies will routinely encrypt electronic mail messages sent over the public Internet," said Dr. Prakash Amegaonkar, president. "This will happen once there is a well-understood standard for secure e-mail that is easy to implement. Frontier has several years experience in developing secure e-mail solutions. In order to speed adoption of the S/MIME specification, Frontier Technologies intends not only to be one of the first vendors to support S/MIME in its networking software, but also to make our initial implementation of the S/MIME protocol freely available for other vendors to use as a reference." "The freedom to have a private conversation is fundamental to personal communication that is the essence of electronic mail," said John Noerenberg, director of engineering for QUEST products at QUALCOMM. "Widespread acceptance of specifications like S/MIME make it possible for individuals and organizations to conduct business over the net secure in the knowledge that their private business is, in fact, private." "FTP Software is glad to endorse the S/MIME blueprint for secure electronic communication," said John O'Hara, director of development for FTP Software. "Whether communicating with customers, business partners or remote offices, companies need to ensure that confidential information stays confidential. This was difficult in the past, since organizations are connected through diverse messaging systems from competing vendors. S/MIME eliminates those barriers by facilitating implementation across multiple vendor products." S/MIME is based on the intervendor Public Key Cryptography Standards (PKCS) that were established by a consortium composed of RSA, Microsoft, Lotus, Apple, Novell, Digital Equipment Corporation, Sun Microsystems and the Massachusetts Institute of Technology in 1991. PKCS is the most widely implemented suite of commercial cryptographic standards in the U.S. The common PKCS specifications allow developers to independently develop secure applications that will interoperate with other PKCS-secured applications. Developers interested in S/MIME can get more information at RSA's web site, at http://www.rsa.com, in the "What's New" section. RSA Data Security is the world's "brand name" for cryptography, with over 10 million copies of RSA encryption and authentication technologies installed and in use worldwide. RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, CCITT, ISO, ANSI, IEEE, and business, financial and electronic commerce networks around the globe. The company develops and markets platform-independent developer's kits, end-user products, and provides comprehensive cryptographic consulting services. Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the company is headquartered in Redwood City, California. (30) RSA Public Key Cryptosystem and PKCS are trademarks of RSA Data Security, Inc. All other product or company names are trademarks of their respective corporations. Connectsoft Tamese Robinson 206/450-9965 Frontier Dennis Freeman 414/241-4555 FTP Software Jill Dudka 508/659-6458 Qualcomm John Noerenberg 619/597-5103 Wollongong Bob Brodie 415/962-7203 Microsoft Waggener-Edstrom Public Relations 503/245-0905 Banyan Jay Seaton 508/898-1000 NCD Mike Harrigan 415/694-0663 SecureWare David Luther 404/315-6296 VeriSign Web Augustine 415/508-1151