pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Why are we here?

1993-08-04 09:40:00
from [TCJones] [Permanent Link] 
Doug Porter> Financial accountability is certainly valuable in some
situations.  But what place does it have in Privacy Enhanced Mail?  A
separate RFC seems more appropriate.

How can you, or anyone else, say what PEM is useful for?  There is no
scope or purpose to PEM.  I can't even get a cogent explanation of the
reasons for using public key technology.  (I know -- it "SCALES" well??)
Before we start on a new RFC, how about finding the uses for the ones we
have.  Having been involved in many years of standards development and
heated discussions that lead up to them, I am fully aware of the reason
for not being precise - We all like to defer some of the harder problems
for others to solve after we have gotten what we want.  But no one
should imagine that ambiguity is a real solution.  I remember a quote I
often used when I was trying to get thru a particularly sticky point:

"Sometimes an ounce of ambiguity is worth a pound of explanation"

Well - for better or for worse - PEM is here now.  Guys like Bob and I
are trying to find uses for it within our (commercial) environments.
John Gilmore imagines its use in the great anarchist revolution of the
(constantly getting later) 90's.  I am here to tell you that the uses
for which PEM will be put are probably different than anyone here can
imagine.  I am not here to have you, or Steve Kent, or anybody else tell
me what I may, or may not, use PEM for.  I will discover that for
myself.

- -

Bye the way - the concept of having a write-in contest to discover the
manifold desires for PEM, while interesting, will not help to reign in
the scope of a standard that has already been published.  The time to
write a scope and purpose is prior to publishing the document.  After
that the syntax lawyers take over and the interpretation of the document
becomes the only important thing; especially since RFC's cannot be
altered once published.  What we need now are success stories to take
back to management to tell them why this standard will succeed when so
many other security standards have failed.  The best sales tool now is a
list of implementations that actually get used in some meaningful
environment.  Case histories of happy users need to be published, here
or, better yet, in the trade press.  Note that now PEM is so difficult
to use that even a majority of the comments on this board are not
signed!

Peace ..Tom Jones
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PEM request, Steve Kent
Next by Date:  Re: Why are we here?, Steve Kent
Previous by Thread:  GREEN Book access, P . Williams
Next by Thread:  Re: Why are we here?, Steve Kent
Indexes:  [Date] [Thread] [Top] [All Lists]