At 5:04 PM 3/25/93 -0500, Greg Vaudreuil wrote:
The most contentious issue I can see is the need for co-existence
between MIME/PEM and 822-PEM. This issues can be addressed in two ways,
1) if PEM/MIME is accepted soon as a replacement for RFC1421, then
there are (I think) 3 implementations that must change. I am not aware
of a high volume of production traffic that needs to be accommodated
yet. 2) if PEM/MIME is accepted as an alternative to RFC 1421, then a
rigoruous co-existence strategy needs to be worked up, including the
basic mapping algorithm from one message encapsulation technique to the
other. Because I understand the minimal requirements for MIME
compliance to be trivial, I would strongly prefer that the first option
be pursued and that any real interoperability problems between MIME/PEM
and PEM-only be stopped before they really exist.
Greg,
Certainly there is not a "high-volume" of production traffic when we view
the volume in the context of all Internet mail. So "the first option"
might be reasonable at this point. However, there are many more than three
implementations. There is the original set of three or four from the PSRG,
including the "reference" implementation from TIS; three or more based on
RSAREF, two of which I have on my Mac; some unreleased commercial versions,
and Internet-only-knows what else in the UK, Germany, Switzerland; and
other places from which we've had mail.
This is good! PEM's finally getting out there and being used, at least
little bit, even though some of the versions don't have full RFC 1422
(i.e., certificate) support yet.
The questions are: Will there suddenly be a LOT out there before the
PEM/MIME standard is straightened out? Just the possibility of this argues
for your second option. Will the choice of option 1 inhibit PEM another
year, more or less? If so, will widespread deployment get severely blunted
by stuff like Pretty Good Privacy? Worse still, although federal wheels
grind ever so slowly, could anti-encryption legislation or the threat
thereof kill the emergence of supported PEM products? This last
possibility has seriously worried me for a few years now and worries me
more every day.
Regards, -Rob-
Robert W. Shirey, The MITRE Corporation, Mail Stop Z202
7525 Colshire Dr., McLean, Virginia 22102-3481 USA
shirey(_at_)mitre(_dot_)org * tel 703-883-7210 * fax 703-883-1397