Over the last few days, I've been trying to respond to some of the
discussion about Lutz's draft. It occurred to me over the weekend that I
should revisit our goals.
They are quite simple, really. We are attempting to do two things:
1) Document current PGP message format so that users of independently
produced implementations can successfully encrypt/decrypt documents they
exchange, and, similarly, digitally sign and authenticate them.
2) Standardize a mechanism for the use of PGP with Internet email.
That's it. That's all our charter says.
This needs to be done as quickly as humanly possible.
Once we are well on our way to accomplishing these goals, we might consider
other, related topics. I know the two items I've listed aren't the end-all
and be-all of crypto applications.
But we have to get these done for two reasons. One, we said we would.
Two, until these are done for PGP, nothing else much matters. More on this
below.
For 1), we will use the historical implementations of PGP, including PGP,
Inc's recently released versions, as the basis for abstracting PGP message
format. As a working group, we have a important advantage. There already
exist multiple code bases that implement most of the same ideas that make
up PGP format. And all the source code is available. Our goal must be to
codify in an RFC those ideas which are all in common, and all the ideas
which rough consensus indicates needs to be included in all implementations.
However, adding new ideas that are not in any implementation will slow us
down, changing old ideas which are already used in common will slow us
down. If anyone starts down those paths, I'll ask you, politely, to
refrain.
For 2, there already is a PROPOSED STANDARD for MIME encapsulation of
PGP-encrypted and/or signed messages, RFC 2015. We know it works, as there
are several implementations. There appear to be a few defects of a *minor*
nature. We should fix them and advance it as a DRAFT STANDARD as soon as
possible. It already meets most of the requirements for DRAFT status.
This is the work of this Working Group. Other discussions which are not
germaine have no place in this mailing list. Again, I will ask you,
politely, to refrain.
As for other work we might tackle. (This is the "more" I promised above)
The IETF philosophy* is that once a WG finishes its work, the tasks on its
charter, it ceases to exist. A WG's charter is malleable, it can be
changed, when necessary. So if we encounter a task which affects the work
we've already agreed to perform, it is possible to alter our charter to
include the task.
But I don't want to be stuck with this job, forever. So, unless you make a
pretty good case, I will ask you, politely, to refrain.
If you have any questions about this, please contact me. I will be more
than happy to discuss it with you.
Thank you.
*(see "The Tao of the IETF", RFC1718)
best,
john w noerenberg, ii
jwn2(_at_)qualcomm(_dot_)com
pager: jwn2(_at_)pager(_dot_)qualcomm(_dot_)com
--------------------------------------------------------------------
"The great man is he who in the midst of the crowd keeps
with perfect sweetness the independence of solitude."
-- Ralph Waldo Emerson, "Self Reliance", 1841
--------------------------------------------------------------------