Rhys> I wonder what will happen when the PGP guys eventually come to the table
to create a merged standard that keeps both camps happy? Will they be
told to get lost because they aren't "pure"? Frankly, this elitist
X.500-and-top-down-CA's-or-die attitude is starting to wear a bit thin
with me.
I am not sure what you want to see happen, but the "PGP guys" have been
sitting at this table for quite some time. If "we" were to add something
to PGP, it would probably be somewhat like RIPEM.
The issue that seems to be constantly glossed over is that PEM means
different things to different people. In my view PEM should reference
the format of documents sent over some transport mechanism. (1421 stuff)
Some members of this group seem to insist that if some program did not meet all
of the RFC's 1421, 22, 23 and 24, then it isn't PEM. What if it met
the earlier RFC's, or some later set of RFC. What if a program accepted
PEM messages, and then made its own determination about trust. Trust is
a funny thing, it cannot be determined by a bunch of beltway bandits writing
specs for the military. Trust developes between two enitities as a result
of an extended sequence of interactions.
Peace ..Tom
cc pem-dev(_at_)tis(_dot_)com