Dave Crocker / IMC wrote:
well, we really are re-cycling arguments. this one is the compatibility
issue again.
Well, I guess we'll keep re-cycling until the WG has reached that
concensus that is required to accept each and every proposal.
Pedalling on...
1. Technical
I agree that technical concerns are not of prime importance.
2. Installed base compatibility
It has been observed a number of times that that is already lost for
other reasons, so use of MIME rather than Armour does not create a new
problem.
OK. This is a missing assumption that I for one did not pick up, but am
now seriously thinking about. It has taken a long time to get here, I
hope everybody is still with us. A few (open) questions:
1. Is this WG happy to take as a given, or a working assumption, or a
fundamental position (pick your own term), that the compatibility with
the installed base is lost?
2. If compatibility with the installed base (as inferred above) is
*not* lost, does the proposal that MIME should "replace" Armour
(ignoring how&what) still have any merit?
(I don't know the answers to these questions myself, I'm very interested
to hear what others have to say.)
In this case
standardizing the prior use of armour will prevent PGP from being fully
integrated into the Internet technical suite and would require
implementation of redundant technology.
Dave, I don't think you and I are connected over the same Internet. The
net I am connected to includes PGP, and has for a number of years. It
will continue to do so, and I say this with complete and utter
conviction as the Internet I am connect to does not exclude technologies
because they are old, because there is an alternative, or because some
bunch of bureaucrats at the IETF might deign to pronounce otherwise.
One of the wonderful discoveries of the Internet was to never limit the
possibilities of multiple, apparantly competing standards. In this
sense, the Internet is a pure market. It remains pure and unlimited
until some limit comes along. PGP is currently facing no high level
technologically imposed limits, and thus will remain as a viable
security protocol for many many years, in whatever variant we can think
of.
I consider the above sweeping generalisation, "prevent PGP from being
fully integrated into the Internet technical suite," to be out of place,
unbacked and generally plain wrong.
Statements such as whether we wish to "participate in the suite of
Internet technology," and whether the group is being "uncooperative
towards true integration with Internet mail and web standards..." only
serve to flag to me, and perhaps others, that the rest of the discussion
has nothing to add to the group, so if there are good points in there,
they tend to be hidden. Maybe this is why I missed the very important
assumption I discuss above.
--
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com