Andrew and Jim,
On Mon, 4 Oct 2004 08:14:17 -0400, Andrew Newton wrote:
> following: we've been told that time is in short supply and
> that even taking 2 extra months to understand our
> requirements will cause problems. If that is so, then we
> cannot risk time on a new scheme; we must limit the scope of
> the charter to S/MIME or PGP.
If I have understood the concerns correctly, the suggestion is to
use s/mime or pgp because they are well-established.
There are observations that s/mime and pgp do not
a) protect headers
b) use domain-scope identification
c) DNS-based key validation (or acquisition)
d) header-based attribute encoding
The response I am hearing is that there are no inherent
difficulties in making the changes to s/mime or pgp to cover
these.
I am not understanding how "making the changes" differs from a
design and development effort.
In other words, pgp and s/mime do not do the necessary job, so
they are not well-established for this use and getting them to
cover this use might well require as much work as choosing
another scheme.
Note that some of the other schemes use well-established
algorithms. It is in fact in the issues of items a, b, c and d,
above, that they create a new service.
So I am not understanding what the benefit is, in starting with
systems that have poor usage histories and inappropriate
identification, key management, data protection, and attribute
encoding.
Please clarify.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
brandenburg.com