Steve/Dave:
Cutting through the rhetoric, I don't see there is a significant issue here. I
have seen no recent objections to supporting PGP-style key distribution in
PEM-MIME. I also know there is a firm business need for X.509-based
compatibility as well. The current PEM-MIME proposal supports both, so seems to
be squarely on the right track. Why not accept this and move on?
I owe Steve answers on a couple of points:
o The documentation is not available online.
Good point. I agree that progress is needed on IETF/ISO collaboration
to crack this properly. In the meantime, informal distribution means
can be used to ensure that progress is not hampered.
Informal distribution? Does this mean we can scan in ISO documents
and distribute them as Internet Drafts?
I meant that, while ISO drafts and standards are not formally distributed as
I-Ds or RFCs, they are made available on-line by other means. Hoyt Kesterson
has posted all the pre-publication 1993 X.500 documents for anonymous ftp from
nc-17.ma02.bull.com. We believe that the finally published texts will be freely
available from the ITU server. I am endeavoring to distribute on pem-dev all
significant working draft developments in the X.509 area.
It comes back to fundamental goals. Creating a PEM
public-key-infrastructure island does not satisfy my goals. I work
with a customer and vendor base which wants to maximally exploit
public-key technology by building indefinitely-scalable
infrastructures which can support unlimited applications, e-mail being
an important one. This means sharing of credentials, end-user crypto
tokens, and certificate management infrastructural products. Broad
acceptance of common infrastructural standards is an essential
ingredient.
I don't know what customer and vendor base we're talking about, but I
assume you're referring to some large community of people who live
with X.400 and X.500 based systems. I don't know how large a
community they represent, but we might have been far better off to
treat them as a subsidiary community instead of the center of the
world.
I am talking about the major computer/software vendors (e.g., Microsoft, Apple),
the US financial industry, the US DoD (MISSI program), other US govt. depts.
(e.g., IRS, NIST, USPS), various large corporations, and various non-US
institutions all of whom have commitments to X.509 infrastructures and many of
whom have systems in advanced development or deployment. Most of these people
also have a commitment to X.500 but, in general, not to X.400. There is
currently a major need for a standard end-to-end email enveloping protocol, and
PEM-MIME may well fit that need for a very wide community, provided X.509
compatibility is present as an option.
Warwick