-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 2001,MIC-CLEAR
Originator-Name: cme(_at_)sw(_dot_)stratus(_dot_)com
Originator-Key-Asymmetric:
MIGbMAoGBFUIAQECAgP+A4GMADCBiAKBgCl79/jl0DEVl1GQzOHlzjDmChDDxnWO
Acd7jShj2x1vclFh6vbHx9IJqkQdwNhNAWf8XnTrqBDN+VSBc1qdT6nSEAbNPxHD
XcvY2DudhuRaRBVLgUQ4scTK657m90Q+bTL5yIh2MaFipUw9BgbIXPTDlksSskWP
9oHjo+pCJC+lAgMBAAE=
MIC-Info: RSA-MD5,RSA,
A/pDIxulJqvVntBdep6qADJ419hpQOAoSo5ZGFG/kqnucM+iz7kc6rinZPllWC2x
6zh2UqqfLq9tiqsOaZb7kNfPG5TJq1wSLD2gngYhvlY8CZlbQvO+Gh1ta/Kk82yi
LS/nRFNIEJKK/anZVhID7JuecjyDCXwuLCm6xx92Ur8=
> From: jueneman%wotan(_at_)gte(_dot_)com
> Message-Id: <9401071801(_dot_)AA20900(_at_)bunny(_dot_)gte(_dot_)com>
> Date: Fri, 07 Jan 94 12:57:00 EST
> Subject: Re: Re: Re: Naming and other hard problems

Bob,

> Please forgive me for posting your private reply to me to pem-dev, but one
> of your points was important.

Forgiven. I'm not sensitive about that -- was just trying to keep from
boring the other folks.

> please describe exactly what steps you have taken to get the use of PEM
> approved for use within Stratus, and what obstacles were encountered in
> doing so?

I have described PEM to various executives, both inside and outside
of Engineering. There is marginal interest, in only a few. The interest
is not great enough to cause the doing of any real work on their part.

I have come up with three uses for PEM (RIPEM, actually) here. One is
personal e-mail privacy, of no interest to the company. One is e-mail
privacy for distributed/cooperative engineering efforts. One is e-mail
privacy *and* authentication for correspondence between our advanced
development group and our patent attorney.

What blocked us from using full PEM is the certification procedure.

1. We don't need it (since we all know one another and can verify
   key validity in person).

2. We can't find anyone at Stratus whose job it would be to create
   and maintain a local certification tree.

I must admit that I have not tried really hard. RIPEM satisfies our needs
fully. --- except for the correspondence with the patent attorney. That's
the newest and he's nervous about the RIPEM license -- so his preference is
to use Viacrypt PGP. I have asked for and received permission from RSADSI
to use RIPEM for this purpose and will communicate that to the attorney.

- ------
Back to the point.

We're not doing electronic commerce. We want privacy and sometimes
signatures. We are quite happy to keep local files of manually verified
keys.

When we get around to doing something like purchase orders with digital
signatures, I would expect our correspondents to be moving into this
gradually and to engage in normal communications (signed papers,
videoconferences, personal meetings) to set up the relationship -- and at
that time, through those channels, a key can be exchanged.

It will probably be many years (time for several revs of PEM software?)
before we'll need a worldwide directory of certified keys. Meanwhile, just
the question of finding someone within the organization who might take on
the job of doing local certification -- picking a distinguished name for
Stratus itself (and having the authority to do so) -- stopped me cold the
first time I looked at using PEM. I know a little more now -- at least I
know what person I might approach -- but the chances of his being
interested enough to do anything like that are effectively 0.

What interest I have received is only from doing all the work myself --
installing and training people in RIPEM, guiding them through the
generation of keys, personally taking their public keys and installing them
in a database for us to use. I can do that with RIPEM because at no
point in the process am I acting *as* Stratus.

Getting the authority to act *as* Stratus might take a year or two.

I can imagine doing digitally signed POs long before getting authority to
set up a Stratus distinguished name and certification tree. If we had
legal permission to use RIPEM for this and a supplier/customer who wanted
to do it, I could set it up like I did the ADGroup e-mail encryption,
personally. PGP-like key verification would be superior to RIPEM for
this purpose and much easier to install than the PEM hierarchy.

- -------------

If full PEM had started like RIPEM, with no certificates and then moved to
PGP-like certificates (web of trust rather than hierarchy), I believe PEM
would have been employed much sooner and in a much wider community. I
believe that the worldwide directory is important, but I personally would
much rather have seen PEM in wide use before that was established -- and
therefore I would like PEM to have been created free from the DN and
certification hierarchy at first.

> Are you using RIPEM as a residential person, or as an organizational
> person? What does your certificate contain in terms of a name, and who
> certified you?

I have no certificate except a self-signed one I generated with RIPEM-Mac
and never use. My uses are as an individual and as a member of the
Advanced Development Group at Stratus. I use the same key for both.

- <<Disclaimer: All opinions expressed are my own, of course.>>
- Carl Ellison cme(_at_)sw(_dot_)stratus(_dot_)com
- Stratus Computer Inc. M3-2-BKW TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298 FAX: (508)624-7488
- -----BEGIN RIPEM PUBLIC KEY-----
User: cme(_at_)sw(_dot_)stratus(_dot_)com
PublicKeyInfo:
MIGbMAoGBFUIAQECAgP+A4GMADCBiAKBgCl79/jl0DEVl1GQzOHlzjDmChDDxnWO
Acd7jShj2x1vclFh6vbHx9IJqkQdwNhNAWf8XnTrqBDN+VSBc1qdT6nSEAbNPxHD
XcvY2DudhuRaRBVLgUQ4scTK657m90Q+bTL5yIh2MaFipUw9BgbIXPTDlksSskWP
9oHjo+pCJC+lAgMBAAE=
MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A
- -----END RIPEM PUBLIC KEY-----
-----END PRIVACY-ENHANCED MESSAGE-----