Date: Mon, 12 Dec 1994 19:11:17 -0800
From: Peter Williams <williams(_at_)atlas(_dot_)arc(_dot_)nasa(_dot_)gov>

We are succeeding to ignore the same old structural problem, that
MIME-PEM and its promoters does/do not aim to achieve the goals of the
WG. Quite to the contrary it seems to seek to undermine, and replace those
goals. This is hidden in the details of the proposal, but manifests
itself in technicalities of identity, distribution, certification, and
(globally) infrastructure expectations.

What do you think the "goals of the WG" are? I think a large part of
the problem is that there are many different people both attending the PEM
working group, and participating on this mailing list, and there is a
large, divergent set of goals held by these people.

Some people want to tie, in a strong, practically legally irrefutable
way, an email address to a person, such that if you receive a PEM
message from that person, you would know, beyond a shadow of a doubt,
that it really came from that person. This is a very hard problem,
though, and it spawned long, legal agreements that companies who wanted
to run a CA had to sign, with such wonderful conditions as drug
tests, and paying large sums of money in order to become a CA.

Other people questioned whether this was at all reasonable. They
pointed out that no strong assurance is used today; fax'ed PO's for tens
of thousands of dollars are routinely accepted, and even a confirmatory
phone call is not proof positive that it came from one and only one
legal person.

In the meantime, the market has spoken; the widespread deployment of
PGP, and the general lack thereof for PEM, indicates that PGP is doing
*something* right, and PEM is doing *something* wrong.

Hence, over the last couple of years, the WG has been gradually moving
away from the strict, pee-in-the-bottle mentality of the original
drafts, and attempted to offer more options. The first such move was to
have PCAs that certified different policies. Some might be your
strict, highly expensive, commercial hierarchies. Others might offer
less assurance at substantially less cost.

In the latest version of MIME-PEM, there is even greater flexibility.
If you want to do the PCA thing, you can, but if you just want to do
some other trust model, the option is there. This, in my opinion, does
not preclude the original goals of some of the people in the WG. It
does, however, make it possible for people to explore other trust models
if they so desire.

An argument can be made that they shouldn't be allowed to try
alternative trust models, and the standard should actively make it
impossible to do so. In other words, "we're Big Brother, we know what's
right, and when we want your opinion, we'll give it to you." The U.S.
government tried that with Clipper, with disastrous results. For that
reason, I believe MIME-PEM is on the right track. Otherwise, PEM has
the danger of becoming largely irrelevant.

- Ted