I'm not sure that the report about Chris' talk can lead to something
that would be called a misconception. My understanding is that he went
to every single Interop vendor booth that claimed to have X.400 and
asked them about their X.400 security features. I believe he found
that about half hadn't a clue what he was talking about and of the
remainder, only one had more than a clue.
He probably also found that they were mostly 1984 implementations. X.411
is part of the 1988 standard. The 1988 standard is what is being implemented
now so more implementations will be showing up. The X.435 secure EDI
extensions are the driver for the secure messaging interest, more so than
the regular mail services. The PEM body part can probably satisfy a lot
of the non-multilevel-security uses. The complete X.400 secure messaging
addresses the multi-level-security issues in addition to integrity and
encryption issues.
There is a difference between satisfying an existence proof (i.e.,
there exists one or a few implementations) and being able to assert
that there is "much happening". The assertion that there isn't
"much happening" appears to be quite correct. On the other hand, it
is heartening to hear that there is at least _something_ happening.
The fact that we have stable agreements that can be used to implement now
by anyone who wishes to is a key accomplishment. This was driven by the
Europeans. The secure messaging has also been incorporated into the APIA
API and there are specs available for that as well. As I said before, the OIW
agreements are online at NIST.
Eva
Dave