Actually, I believe it is a little worse/different than that. I provide
the following because I believe that some major PGP "principals" have never
read the PEM standards documents.
PEM World                          PGP World
---------                          ---------
RFC 1421                           No spec, no engineering for
In short, the "protocol",          related protocols
designed to fit with other
protocols in the Internet
suite and, "eventually", X.400.
I don't want this to turn into a religious war, but it seems some
people already have that agenda. Rob: you were the one who asked for
someone to speak on PGP, yet you seem to be doing a lot of "PGP
bashing" yourself.
First of all, I'm fairly certain that a number of PGP people have read
the PEM documents. Second of all, there have been a number of
engineering decisions made in the design of PGP, which were different
than the design decisions made for PEM. In particular, PGP decided to
make privacy a higher priority than authentication. Also, PGP decided
to design itself around binary data, to make encoded files smaller,
and then added the ASCII-Armor. Clear-text signatures (MIC-CLEAR)
came even later!
Rob, I would like to argue your statement that PGP has "no spec, and
no engineering for related protocols." Although this is not the place
to do that. All I'd like to ask now is that you keep an open mind.
A lot of people on this list have a firm mindset on the "proper way to
do something", and it clouds the judgement.
I'd be more than happy to talk to people in person or in private email
if you have any questions, comments, suggestions, etc. But let's keep
this discussion off the pem-dev list, since it does not belong here.
-derek