ietf-smime
[Top] [All Lists]

Re: 2nd S/MIME BOF meeting minutes

1997-04-15 11:27:23
        :note to Paul H, we'll move this off this list...

The way I see it...

- Yes, freeware versions of pgp are available worldwide
- pgp needs to be enhanced to 'handle' other certificates / capabilities
- The name PGP is trademarked, just like S/MIME
- RSAref is only distributed from the MIT site, an agreement between RSA and MIT
- RSAref is strictly for non-commercial use, not for resell
- S/MIME was derived from a competing group, without any compatibility with pgp
- A single, non-proprietary, open, IETF approved format / data structure that 
we can 
  all agree upon would be a very good thing!(merged DMS, MSP, PEM, MOSS, 
S/MIME, PGP/MIME)
- The community needs buy in from all the major email vendors for secure email 
to become
  a reality.
- This reminds me of the pathetic battles between Fast Ethernet, 100VG, CDDI, 
25mbATM...
  (a Rodney King saying comes to mind...)

Charles Breed


At 12:26 PM 4/15/97 -0400, Uri Blumenthal wrote:
"F" == Frederik H Andersen <fha(_at_)dde(_dot_)dk> writes:

   F> Eh, you mean that pgp is not FREELY AVAILABLE? I am probably
   F> wrong, but I believed that it was??  I know, that these
   F> versions are meant for non-commercial use - is that the
   F> problem?

Yes it is, and yes I was wrong (I thought of a different technology :-).

   F> What about approaching pgp.com about this as the plan seems to
   F> be with the RSA secret code!

(:-)

   F> Who could prohibit a free reference implementation
   F> f.ex. outside US? Why could that not be freely imported to US?

It is already done (see pgp263i.tar.gz on your favorite FTP server),
and I think I saw it within the US (am not sure though :-).

   F> What is the problem in US?  RSA again?

Yeah, it might be, but there are freely available PGP sources in
the US as well. They use RSAREF and thus are legal.

   F> I'm probably terrible wrong!

He-he. No, you are not! How about that for a change? (:-)

In light of the above - what are the reasons for not making
PGP a mandatory format? [Apologies if this has already been
discussed at length,  in which case  just kindly e-mail the
replies, with the appropriate NOSPAM correction.]


Regards,                   [To reply, remove "NOSPAM!" from the 
Uri                         "Reply-To:" field]
-=-=-==-=-=-           uri(_at_)ibm(_dot_)net
<Disclaimer>