At 05:29 AM 11/24/97 +1100, David Formosa wrote:
And consider all the aplications that have been built ontop of PGP.
well, we really are re-cycling arguments. this one is the compatibility
issue again.
To whit, these seem to be the categories of concerns and their answers:
1. Technical
There is no strong argument that either MIME or Armour are superior at
doing protection against the vagaries of transport.
It is worth noting that Armour combines the control information with
the data, whereas MIME keeps them separate. This facilitates processing by
recipients who either do not have the necessary security software or who
want to defer its use. That is, for authenticated data which is not also
encrypted, the main data can be kept cleartext whereas with Armour it is not.
2. Installed base compatibility
It has been observed a number of times that that is already lost for
other reasons, so use of MIME rather than Armour does not create a new
problem.
There needs to be a distinction between pre-standards work, versus
requirements of the standard. When incorporating existing technology into
the standards process, this is always a challenge. In this case
standardizing the prior use of armour will prevent PGP from being fully
integrated into the Internet technical suite and would require
implementation of redundant technology.
The need to document prior use is well served by having an appendix
which describes how to do armouring, for implementations needing to
interwork with pre-standards implementation.
The argument that it is acceptable to require both or make both
optional misunderstand the additional overhead caused by requiring
redundant mechanisms or the difficulty achieving interworking when
everything is optional.
If there are other categories of argumentation, I've missed them.
d/
--------------------
Dave Crocker
dcrocker(_at_)imc(_dot_)org
Internet Mail Consortium +1 408 246 8253
675 Spruce Dr. fax: +1 408 249 6205
Sunnyvale, CA 94086 USA info(_at_)imc(_dot_)org ,
http://www.imc.org