At 12:32 PM 2/12/00 -0800, Ed Gerck wrote:
Ross Finlayson wrote:
> That's good, but why not undertake this within the existing IETF process,
> rather than trying to emulate it?
Because it is outside the scope of the IETF.
For once, Ed and I might be in agreement on something. The IETF has already
done all the technical groundwork needed for the process. They've got
OpenPGP or S/MIME for the format of the messages, TLS or IPsec for
transmission of any unencrypted content, and PKIX for certificates. All are
on standards track. They can give privacy and authentication.
The remaining questions might be what needs to be private or public, what
needs to be authenticated, and who the authenticating authority is. This
doesn't sound like a job for the IETF, although I'm sure many IETF folks
will want to participate or at least watch. We might even pull out our
sharpened sticks if any of the participants say things like "our
proprietary technology which is more secure" or such things.
--Paul Hoffman, Director
--Internet Mail Consortium