On Thu, Oct 30, 1997 at 04:11:20PM +0100, Ulf Möller wrote:
> Several WG members and other recognized crypto experts consider any
> form of message recovery dangerous, others do not agree with the way
> it is implemented in PGP in particular.

However, these are primarily political considerations. Certainly,
there are security implications as far as message recovery is
concerned, but security considerations are application-specific --
that is, most commercial applications don't require anything
approaching military-grade secrecy. And certainly, with care, CMR as
implemented by PGP can be *very* secure.

> So, if the IESG gives its WG chairs the power to decide whatever they
> consider appropriate, fine, but please save ourselves the Newspeak of
> calling that "rough consensus".

Perhaps, then, you would rather have no standard at all, than a
standard that refers to PGP's CMR implementation?

To put it a bit more baldly, the question is are you willing to
disrupt the process if you don't get things your way? And, given
that some people will answer that in the affirmative, how would you
expect the WG chair to handle it?

--
Kent Crispin "No reason to get excited",
kent(_at_)songbird(_dot_)com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html