ietf-openpgp

Long term contracts

1997-11-27 10:20:27
Ian:
 Ian Grigg's point in favour of armour is that clearsigned documents are
 useful. Fair enough; Ian can buy/write an application which includes
 this functionality. It does not need to be a MUST. As Adam just said, it
 would be simple to do the same with MIME.

(I think it can be hacked into the MIME format, but thinking about it,
there is more to it than that.)

A contract is a self contained document that can be readily proven to be
what it says it is.  It uses embedded inline sigs because they cannot be
lost over time, and it can survive many different copying techniques. 
Note how the preceding comment holds for paper documents and pgp
clearsigned messages, but not for attachments and separated sigs.

One of the design criteria is that the method of cleartext signing must
be ubiquitous.  Under current world conditions the method used is, as
pgp2.6 and pgp5.0 can read the clearsigned sigs.  If however, armour is
phased out, and MIME is not up to the job, then the application is
broken.

The reason for this is that you have to write a contract now, and
validate it in the unforeseeable future, using independent software
available anywhere.  Just like on paper.  We are trying to replace the
eyeball, and this has rather tricky demands on software.

When we designed the methods to do the contract, a reasonable assumption
was that "pgp2.6 will be available for a long time."  It was set up over
worldwide net sites to defend itself from the worst ravages of
governments.  I never in my wildest dreams guessed that PRZ and Company
would be the ones to ....

Now, the alternative is to assume that PGP/MIME or S/MIME will take
over.  This is far too risky a bet, obviously, as there are already two
choices there, and with the addition of the incumbent, that makes
three.  No rational business case can be made at this stage that either
of these is strong enough to win.

Add to that the decision of this group to abandon RSA sigs, along with
the commercial activities of PGP Inc to deliver the coup de grace and I
suspect the signing of long term commercial contracts is now a broken
application.

Which is amusing as I just today submitted my paper to FC98 on how good
an application this is (and received confirmation that it is in the post
:-)  Better I find out now than at the conference I suppose...

-- 
iang                                      systemics.com

FP: 1189 4417 F202 5DBD  5DF3 4FCD 3685 FDDE on pgp.com
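
The self-contained property described in the message above, as an added example (not part of the original post and not code from any PGP implementation): a parser for the cleartext signature framework as later standardized in RFC 4880 section 7, showing that text and signature travel in one file and that the signed bytes come out identical after a copy that changes line endings and trailing whitespace. The sample contract and the signature blob are constructed placeholders, and no signature is verified here.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(doc: str):
    """Return (hash_names, canonical_signed_bytes, armored_signature)."""
    lines = doc.replace("\r\n", "\n").split("\n")
    start = lines.index(BEGIN_MSG)            # ValueError if not clearsigned
    sig_start = lines.index(BEGIN_SIG, start)
    sig_end = lines.index(END_SIG, sig_start)
    blank = lines.index("", start)            # armor headers end at first empty line
    if blank > sig_start:
        raise ValueError("no blank line between headers and signed text")
    hashes = [h.split(":", 1)[1].strip()
              for h in lines[start + 1:blank] if h.startswith("Hash:")]
    body = []
    for line in lines[blank + 1:sig_start]:
        if line.startswith("- "):
            line = line[2:]                   # undo dash-escaping
        elif line.startswith("-"):
            raise ValueError("unescaped dash line inside signed text")
        body.append(line.rstrip(" \t"))       # trailing whitespace is not signed
    # Signed form uses CRLF; the line ending before the signature is excluded.
    canonical = "\r\n".join(body).encode("utf-8")
    return hashes, canonical, "\n".join(lines[sig_start:sig_end + 1])

# Constructed sample: the text and the signature blob are placeholders.
SAMPLE = "\n".join([
    BEGIN_MSG,
    "Hash: SHA1",
    "",
    "Contract: the issuer will redeem one unit on demand.",
    "- --- Terms ---",
    "Valid until revoked.",
    BEGIN_SIG,
    "",
    "PLACEHOLDERnotARealSignature0000",
    "=AAAA",
    END_SIG,
    "",
])

if __name__ == "__main__":
    hashes, signed, sig = split_clearsigned(SAMPLE)
    # Simulate a copy that converts to CRLF and pads a line with whitespace.
    copied = SAMPLE.replace("demand.", "demand.  \t").replace("\n", "\r\n")
    print(hashes, signed == split_clearsigned(copied)[1])
    print(sig)
```

A detached signature has no equivalent of this: the text file alone carries nothing that a verifier can find or check.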
