However, there was a mandate that we *not* do that on this work, that we
specify a minimum interoperability standard. That is, we don't want MOSS II.
I disagree. We want an algorithm independent protocol, but we want to pick a
"must implement" algorithm that ensures interoperability.
Ah, I think I misunderstood the meaning of "algorithm independent
protocol". I my mind, "algorithm independent" means "all algorithms are
treated equally", which is what I spoke against. The current (and future)
drafts allow all algorithms, but mandate "must implement" for some of them.
To me, that's not "algorithm independent" but "multiple algorithm friendly".
I think we are in agreement here about what the spec does, just not the
terminolgy.
Paul, the current structure mandates the use of RSA key management. The
standrd
should not prohibit the use of other techniques such a Diffie-Hellman. It is
possible to have RSA as the "must implement" key management algorithm, but
the
standardized structure should not prohibit the use of other techniques.
And it doesn't. In fact, with the SMIMECapabilities, it makes it easy for
an agent that is using some other kind of key management to announce that
to the world on every signed and/or encrypted message it sends out. This is
described in the beginning of Section 2.5.2 of the drafts.
--Paul E. Hoffman, Director
--Internet Mail Consortium