(didn't realize that Tom's note was to the full list. Here's my reply.
(His stuff is 2 angle-brackets and mine is 1.)
To:TCJones(_at_)DOCKMASTER(_dot_)NCSC(_dot_)MIL
From:dcrocker(_at_)mordor(_dot_)stanford(_dot_)edu (Dave Crocker)
Subject:Re: Secure Electronic Commerce
Tom,
EDI is one example out of the class of electronic commerce. Too, X12.58 is a
specfication, rather than an established practise. It may or may not catch
on. PEM may or may not catch on.
Your concern for true end-to-end is certainly valid. The exact solution may
or may not be x12.58. I don't know. I DO know that there is a more general
need for authenticate email, for a variety of purposes. One of the might be
EDI and it might not; my concern is that we need to make it available for that
purpose.
As to the EDI/Mime effort. I think we're all catching our breaths. In
particular, I need to generate a revision to the draft spec, to give people
something to chew on.
Dave
Dave Crocker <dcrocker at mordor.stanford.edu> said:
Dave, I am disappointed, have you not checked X12.58 or "Secure EDI".
...
mechanism. I must reiterate that PEM or MIME is not end-to-end in an
electronic commerce environment, but only a (part of a) transport
mechanism.
What electronic commerce requires is protection of the base document,
not the transport mechanism.
(By the way, what ever happened to the EDI/MIME effort, there has been
no activity there for weeks???)
Dave