ietf-openpgp
[Top] [All Lists]

Re: Status of RFC2440

2004-10-20 03:36:56

Werner Koch wrote:
On Wed, 20 Oct 2004 10:23:23 +0100, Ian Grigg said:

the market, it has the support of all the major
players, whereas rfc2440 has not, and it has the
ISO label.  All of these things equate to "it's


With respect to email encryption OpenPGP is the standard protocol most
people want to go with because it is kown to work.  At least this is
what I hear from companies looking into ways to encrypt email.

Oh, indeed.  BTW, do you have any statistics on that?
It would be very useful to get some hard or soft
figures on it, because we continually come up against
people believe their own world is the only world.

But, my point is not about mail.  Mail is but one
application of OpenPGP.  Another is identity, and
a third is reputation.  Both of these are relatively
well served by the OpenPGP's web of trust, but they
are being ignored.  Meanwhile, a lot of companies
have been trying for years to do identity in x.509
and failing dismally because of the constraints in
that technology, and I don't think it is even
possible to do reputation in x.509.

I only MS Outlook would allow to set the content-type explicitly - to
implement PGP/MIME - the remaining deployment problem would be
solvable.

There's a lot wrong with Internet mail programs.  I
normally start with "why o why is there no button to
generate a self-signed x.509 key and start using it?"

But, to underscore my earlier point, mail is not where
it's at.  Traffic is moving to chat, and there is a
chance to re-engineer the comms architecture, as chat
is still an open market with competing protocols.  So
not being standard is not a draw back.  The only thing
of importance is whether it works and deploys quickly,
and OpenPGP has a much better chance of that than any
alternate.

iang


<Prev in Thread] Current Thread [Next in Thread>