>From: Ned Freed <NED(_at_)innosoft(_dot_)com>
>Subject: Re: Re[2]: Comment on draft-ietf-pem-signenc-01.txt
>Date: Thu, 04 Aug 1994 08:22:46 -0700 (PDT)
>As such, while I completely agree that the provided services need to be
>fully described, I also think that attempting to document combinations is
>very risky and probably more of a disservice than a service. A few
>demonstrably useful ones can be documented if need be, and preferably in
>some ancillary informational document, but it needs to be clear that other
>combinations are possible.

It's even worse than you may realize. Not only must one document the
specific security services properties, and demonstrate that
the various mechanisms do not collide in the provision of the claimed
service, but one must phrase the specification in terms of assurance
evaluation criteria, even for the lower levels of such classification
systems, at least when producing products likely to be recognised by the
professional security and banking industry.

Choosing, for example, between a design for a large military messaging
system, based on open technology, where technical material supporting
one technical bid spec. has such a documentation format, and another
does not, would be a big factor in eliminating technical bids, I would
judge. Who wants to buy a design which refuses to make claim of what it
does, and what it does not, and what it is designed and built to not do?!

>I disagree. First of all, there is nothing that says that RFC1421 always
>protects the entire content. Second, MIME-PEM can be used to protect not
>only the entire content but also the outermost message headers, making it
>a superior service in this regard. Third, the price you pay for using
>RFC1421 is the loss of content labelling. In many cases this is too high a
>price to pay.
> Ned

Such a superiority argument is not particularly valid when one cannot
judge its rationale against the objective it purports to support.
However I recognise its subjective emotional appeal. A communications
security design which requires protection of such addressing information
can easily be attacked on the difficulty which such designs make of
operating such protected systems in massive, open technology
communities involving many nations (as with NATO), international comms
treaties, GATT tariffing, n generations of technology, ... but, then,
that's not what we are doing here at the IETF, is it?! We need to
concentrate on design enhancement for the privacy of Internet messages,
for the community of research and educational Internet users.

For the argument to stand as it stands now, it implies that the design
objective of the existing PEM is not being satisfied by the protocol
known as RFC 1421. And this implication itself, if true, would certainly be
very significant. We should now find out from you what makes the original
assertion true, Ned, remembering the scope of our activity.

I do recognise that research aimed at providing connectionless
security using messaging is an active subject. MIME-PEM is certainly a
major on-going contribution to that R&D process.