I certainly agree that one of the major factors that has been holding back PEM
usage (and business use of PGP and RIPEM, for that matter), is the lack of a
decent, integrated GUI interface on a commercially viable platform, i.e.
Windows and/or the Macintosh.
There is no question that there is significant interest in MIME. Because my
primary goal has been to see a comprehensive public key infrastructure evolve
that would support generic objects with embedded secrecy (encryption) and
integrity (who done what to whom) labels (as opposed to e-mail per se), and
becasue MIME seemd to be a considerable step in that direction, I was happy to
see someone try to combine PEM and MIME.
However, if I had been ARPA and was doling out money to support interesting
schemes, I would have much rather had them support an interface to an X.500
directory that could be used to retrieve e-mail addresses, cryptographic
certificates, etc., and then support the cryptographic functions defined in the
PEM RFCs, I think we would have been much further along. The MIME support could
have been added later. But all that is pretty much water over the dam, at this
point.
The question before us is whether the public key interface that has been
proposed to support this new elephant is sufficiently robust and of sufficient
interest to a wide-spread community as to merit its general adoption. I think
we should procede to debate the merits, calmly and dispassionately, and either
adopt it, fix it, or reject it.
Bob
--------------------------------
Robert R. Jueneman
Mgr., Secure Systems
Wireless and Secure Systems Laboratory
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Internet: Jueneman(_at_)gte(_dot_)com
FAX: 1-617-466-2603
Voice: 1-617-466-2820 (rolls over to cellular and/or my house
if no answer -- have patience)