Dear Bob:
This letter to you was motivated by one of your recent
suggestions, and that is: "in order to get PEM going
on a much wider basis than today, maybe we (all) could
try with some E-mail-addressing-based PEM systems with
automatic CA responders" (I hope I have interpreted you
correctly!).
Another very strong motivation of mine for this letter is all
the topics about weak points and problems in the PEM system,
appearing in large quantities on the pem-dev list.
So, I am a little bit afraid that we all might "kill
the baby before it is even (properly) born!"
With this letter I would like to inform you that our
version of PEM (v 1.0) currently in (testing) operation
at several locations in Europe has shown (at least MY
experience) that:
1. PEM is a system actually consisting of two
subsystems: Certificate Management System and
secure E-mail,
2. In full operation, PEM can be used as "security
infrastructure" for other global network secure
applications (like EDI),
3. E-mail addresses are very good for smooth and automatic
operation of the system, but they are unreliable
for identification of legal entities (DNs must be used).
So, before we continue to worry about potential usage of PEM,
its scope and possibilities and eventual problems that we may
encounter, why don't we all install (from MIT, TIS, RSA, COST,
and whichever implementation is currently available) several
(10 - 20 installations) internationally, try to run PEM and
use it, and discover eventual difficulties in practice?
So, I am suggesting that whoever (institutionally) would be
interested, we declare, say, MAY'94 "The Month of PEM".
Until then, we should get ready and try "internally" within
this list to talk to each other using PEM letters.
We are willing to "invest" into this exercise several
copies of our (clumsy?) current implementation,
just for testing. We did that at the end of the last
year at several Euro locations and we got quite good
comments and experiences.
I am inviting a (limited) number of interested USA participants
to install our system FREE OF CHARGE, I will invite people
at our current installations, I am inviting a (limited) number
of current PEM developers and I am inviting an UNLIMITED number of
PEM messages during M A Y ' 9 4.
After that, we may get back to the drawing board.
Regards,
Sead Muftic Tel: +46-8-16 16 92
COST Computer Security Technologies Fax: +46-8-739-1839
Stockholm, Sweden E-mail:
sead(_at_)dsv(_dot_)su(_dot_)se