Characteristic | S/MIME | RMS |
Strong private key protection | Possible | Not possible |
Private key storage | Disk (user profile), smart card | RM Account Certificate |
usage rights (copy, print, forward) | No | Yes |
Data rights can be configured to expire | No | Yes |
Ease of use | Medium | Medium |
Managerial efforts | High | Medium |
Symmetric encryption algorithms | DES, 3DES, RC2 (Outlook) | DES, AES |
Asymmetric encryption algorithms | RSA | RSA |
PKI | Yes | No |
Trust Relationship possible | Yes, through cross certification or sub-ordination | Trust relationships can be configured between RM Servers. |
Compatibility | S/MIME, X.509 are cross-platform standards. S/MIME is implemented in most mail clients. | XrML is submitted as standard. IRM is only implemented in Outlook 2003; view-only functionality available in RMA. Additional clients can add IRM functionality through RM Client SDK. |
Revocation checking | Done by the client (configurable), encrypted content is still accessible if cert not valid | Done by the server (when issuing EULs), encrypted content is not accessible once old licenses expire. |
Expiration behavior | Expiration of the user's certificate does not affect decryption of encrypted files, but does prevent subsequent encryption of emails. | Expiration of user's RM account certificate will immediately prevent decryption of any existing or new RM-protected information. |
Sunday, February 1, 2009
S/MIME Vs RMS -Part II
Subscribe to:
Posts (Atom)