Mike,

I agree with your observation that Rob's PMSP/DMS status
message is also not directly relevant to this mailing list. Perhaps
Rob felt it appropriate to bring up this topic because an initial
version of PMSP looked an awful lot like PEM. Perhaps I viewed Rob's
message as less inappropriate than yours because he was not engaging in
an advertisement for his corporate product, as your message did. The
private message I sent to you, and which you included in your last
posting, tried to address this issue politely, but perhaps too
indirectly. The example I cited with regard to RSA algorithms was an
attempt to establish the sort of ground rules that you inquire about in
your message, in a non-discriminatory manner.

As you observed, PMSP makes use of a "suite" of algorithms,
of which DSA/SHA are two FIPS candidates which have been published.
The policy we have adopted for PEM is to publish profiles for suites
of algorithms, not just individual algorithms, to avoid combinatorial
explosion of choices, which would lead to diminished interoperability.
When the full "NIST suite" becomes available, it would be a candidate
to profile for use with PEM. However, since we are short a couple of
algorithms to complete that suite (the symmetric encryption algorithm
and a public-key key management algorithm requested of NIST by
Congress several years ago), we can't produce the relevant profile yet.

I won't argue market share or size with you. PEM is intended
to address a worldwide Internet user population. The US Government
is electing to employ a different email security protocol, i.e., MSP
(PMSP has become just MSP with a different algorithm suite). We could
argue whether this decision will ultimately result in more PEM or MSP
users in the global marketplace, but it would be idle speculation on
everyone's part. Many of us recall the US Government's decision to
adopt OSI as a procurement directive (GOSIP) in the mid-1980s. Folks
who sell TCP/IP both to the government, and to the general user
population, have prospered despite that decision. One can argue that
PEM is doomed if it fails to adopt SHA/DSA, or that it is doomed
anyway because of MSP, but the arguments are far from convincing
at this point. I'm sure the RSA folks would point to the long list of
major hardware and software vendors who license their algorithm and
suggest that the US Government policy of buying COTS products will
lead to widespread use of RSA, irrespective of the latest
procurement regulations.

You propose that a suitable additional PEM suite would consist
of DSA, SHA, DES, and El Gamal. Since the NIST suite is only
partially populated, as noted above, this suggests that we would
likely have two suites with DSA/SHA, but with different encryption
algorithms. This begins to sound like the sort of diversity that we
were trying to avoid by profiling suites. Note also that the DSA is
currently the subject of two patent infringement claims in the US, as
observed by NIST at their workshop last month. We worked for some
time to make appropriate arrangements with regard to use of RSA with
PEM (in the US) and would have to engage in potentially more elaborate
arrangements to use DSA since it is the subject of international (not
just US) patent claims. Thus it may be premature to encourage the PEM
community to use the DSA at this point, in addition to the other
concerns cited above.

Several points in your message seem to focus on US Government
users. The PEM WG has a broader target population and thus may weigh
various factors differently. One could argue, from your message, that
the US Government market will adopt MSP/PMSP and the "NIST suite" and
thus the choice of algorithms for use with PEM is less relevant to
them, as they are using a different secure email protocol. One also
could argue that using a common algorithm suite is good for everyone,
even if different protocols are employed, since it would be easier to
interoperate by sticking with the same algorithms but selecting
different protocols as required. However, that approach would seem to
argue for adopting the whole NIST suite, not half of it plus two other
algorithms, which seems to be the proposal you put forth.

In regard to your final comment, I believe Steve Crocker would
advise you, as will I, that anyone is free to develop and submit a
document as an Internet Draft. The publication of such documents as
experimental RFCs is also relatively straightforward. If you want to
pursue development of an additional PEM algorithm suite as an Internet
Standard, then that work falls under the purview of this WG. If there
is sufficient interest in the work and consensus on the results, then
it will be progressed.

Steve