Re: Naming problem as a symptom

Derek,

        If you placed the IPRA public key into a PGP database you
would NOT have the functionality of the PEM hierarchy.  For example,
there would be no checking for DN subordination.  CRL management would
not magically appear, etc.  So, while you may argue in favor of the
flexibility of the PGP "web of trust," it is not accurate to say that
it subsumes the PEM functionality as a special case.

        This list has endured substantial discussion about why DNs
are used, so I don't believe reprating this explanation again is useful.

        The goals of PEM were established long ago.  Security services
are closely related to naming issues, in email, general network
security and computer security.  Quite a bit of literature addressing
various aspects of this relationship has been publsihed over the last
15-20 years.  Perhaps your model of what services PEM should provide
differs from those which are identified in RFC 1421 and which have
lead the development of the RFCs for several years.

        Finally, I suspect, from the tone of your message, that you
may be a new subscriber to this list.  You may wish to avail yourself
of the archives maintained at TIS to review the progress of
discussions of many topics which are now being raised again.  It seems
that some number of subscribers have become active as a result of the
publication of the RFCs.  Note that these RFCs are completed and the
current focus of the PEM WG, for which this is the discussion list, is
the integration of PEM and MIME.  That will be the topic of the next
WG meeting, in Columbus OH, at the end of March.  I urge WG members to
read the current I-D proposal for PEM-MIME integration in preparation
for the meeting.

        Discussion of unresolved issues about DN guidelines and other
loose ends with regard to the RFCs are still are appropriate topics
for this list.  However, discussion of the form "why do we have to use
DNs with PEM" or "how is PGP different/better than PEM" or "why I
think the RIPEM user community will overtake PGP in 6 months" does not
seem appropriate at this stage in the process.

Steve Kent
PEM WG Chair

<Prev in Thread]	Current Thread	[Next in Thread>
Re: PGP legality, (continued) Re: PGP legality, David Sternlight Re: PGP legality, Brad Huntting Re: PGP legality, Derek Atkins Re: Naming problem as a symptom, Steve Kent Re: Naming problem as a symptom, Bill Sommerfeld Re: Naming problem as a symptom, Steve Kent Re: Naming problem as a symptom, Steve Kent Re: Naming problem as a symptom, Brad Huntting Re: Naming problem as a symptom, Steve Kent Re: Naming problem as a symptom, Derek Atkins Re: Naming problem as a symptom, Steve Kent <= Re: Naming problem as a symptom, gvb Re: Naming problem as a symptom, Raymond Lau Re: Naming problem as a symptom, gnu Re: Naming problem as a symptom, Marshall Rose Re: Naming problem as a symptom, Amanda Walker

Previous by Date:	Re: PGP legality, Derek Atkins
Next by Date:	X.400 bounce example, Beast (Donald E. Eastlake, 3rd)
Previous by Thread:	Re: Naming problem as a symptom, Derek Atkins
Next by Thread:	Re: Naming problem as a symptom, gvb
Indexes:	[Date] [Thread] [Top] [All Lists]