What is the balance between the added users and the vendors
who will not integrate PEM into their products due to the
uncertainty in the future of PEM (demonstrated here) OR due
to the added MIME requirements?
I haven't integrated PEM into my products because I require it to work in a
MIME environment. Every day we go without settling on a MIME/PEM interaction
is a day I don't sell PEM-aware mail software.
Hear hear! This is exactly the position I'm in.
If I figure in time to market costs, every day of this debate is costing my
company *thousands* of dollars. Eventually, I will no longer be able to
justify waiting, as much as I believe that the IETF process is the right way
to set standards.
I'm in complete agreement here as well.
What is the cost of having vendors go off and implement MIME+PEM on their own,
ignoring the discussion here? Personally, I think it's very high. But it's a
cost to factor in if you're doing a cost/benefit analysis.
Frankly, I think that unless we reach some closure here in very short order PEM
will be dead and buried. The PGP folks will be starting work on MIME/PGP
(hopefully based on the same security multipart facilities) soon, and if that
reaches closure before PEM does I'll implement it instead.
Mind you, I'll probably have to implement MIME/PGP support in any case, but if
MIME/PGP becomes real while the MIME/PEM just fritters along aimlessly for
another couple of years, there won't be any demand left for MIME/PEM even if
closure is reached eventually.
Ned