At 09:38 AM 3/10/98 -0500, William H. Geiger III wrote:
<sigh> you are missing the point. The fact that RSA/RC4 has been droped is
irrelevant. If you implementation only uses DH/DSS and everyone else is
using RSA then who are you going to talk to?
You are making a huge assumption here, that current S/MIME implementors
will choose to not comply with v3. You could be right, but from all
indications from the people at Netscape, Microsoft, and Worldtalk, you are
most likely wrong. Yes, your argument makes a nice argument for OpenPGP as
the bastion of interoperability, but that remains to be seen.
Has Verisign made any offical position that they will even certify
anything other than RSA?
Yes. They have said repeatedly they will certify whatever their major
customers want, regardless of the standards. Note that many Verisign people
contribute to the S/MIME mailing list.
I believe that having the OpenPGP vs. S/MIME argument on this list or on
the S/MIME list is a waste of time and will not help either effort move
forwards. The facts of what each working group is doing are out there (with
a few corrections on this list about misstatements aboout S/MIME). If
someone chooses to mis-implement a spec, they will win or lose based on
marketing pressure, not comments on IETF mailing lists.
--Paul Hoffman, Director
--Internet Mail Consortium