pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PEM and MIME revisited

1992-05-01 09:17:00
from [Marshall Rose] [Permanent Link] 
Jim - I don't want to seem to be picking on you, but your last message
didn't add anything new to the equation.  Basically, your points are:

1. PEM works on messages

2. PEM includes a step to encode its output in a printable form

Ergo,

3. For PEM to use MIME, PEM has to be changed...and PEM is on the
fast-track (as is MIME).  Doesn't this boil down to the

        "we don't want to change because PEM will be published as an RFC
         very soon now"

argument?

My claim is, and perhaps I missed someone's refutation of it, that a
minimal PEM/MIME implementation has to do three things:

1. In the message posted (the one that carries a privacy-enhanced
message as it's body).  You add two headers

        MIME-Version: 1.0
        Content-Type: message/pem

2. In the privacy-enhanced message, you get rid of the bracketing
encapsulation boundaries, 

3. Instead, it puts in these two headers:

        Content-Type: message/rfc822
        Content-Transfer-Encoding: base64

The first header is present only for ENCRYPTED, MIC-ONLY, and MIC-CLEAR.
The second header is present only for ENCRYPTED and MIC-ONLY.

Now, I will plainly put forth a few other points:

1. The 934 encapsulation scheme has a problem which shows up when
something is forwarded more than a few times.  MIME doesn't have this problem.

2. The choice of encapsulation boundaries used in the current PEM draft
make it impossible for MIME-compliant software to emulate that particular
encapsulation.  That means that in the future if you move to using MIME
then it will not be possible to encapsulate messages using MIME's rules
so that they look like the encapsulated messages which are generated by
the current PEM draft.

3. Hence, if you decide to change the PEM rules for encapsulation after
PEM is a proposed standard, then I will tell you plainly that you are
going to have a much harder time arguing that the future PEM revision
should go to draft standard, because you will be guaranteed of ZERO
interoperability.

I really hope I am not raising your blood pressure with the last point,
but you might as well confront this now.

5. To make things concrete, I have prepared new text outlining the MIME
way of doing things.  It's in my next message.

/mtr
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PEM and MIME revisited, James M Galvin
Next by Date:  Suggested text for PEM/MIME, Marshall Rose
Previous by Thread:  Re: PEM and MIME revisited, James M Galvin
Next by Thread:  Suggested text for PEM/MIME, Marshall Rose
Indexes:  [Date] [Thread] [Top] [All Lists]