Date: Thu, 5 Nov 1992 14:44:53 -0500
From: shirey(_at_)mitre(_dot_)org
That was not the point of my message. The point is that PEM has
competition that must be answered.
It would seem to me that the best way to answer it would be to deploy
PEM ASAP:
with an implementation that is at least as easy to set up as
PGP, or better;
with a way of going on-line that is as easy as PGP, or better;
(i.e., how do you generate and be able to start using a
public key.)
Certainly the intense interest attracted by PGP has shown that there is
an intense hunger for PEM or PEM-like technology. One question that
still remains in my mind is whether the vast majority of the community
finds the trust model and trust assurances of PGP sufficient (and
presumably will therefore not be willing to pay, either in terms of
money or extra effort for the higher-grade assurance provided by PEM),
or they are using PGP because there's nothing better, and would like
(and be willing to pay for) the increased assurances provided by PEM.
Deploying PEM is the only way to find out for sure.
- Ted