PROPOSAL:
I propose that we approve the current PEM/MIME specification for standards
track consideration, including the present key selector syntax, alleged warts
and all, AND SIMULTANEOUSLY that we formally adopt version 3 of X.509 (as
proposed in the Draft Technical Corrigendum distributed by Warwick Ford) as an
integral part of the PEM/MIME spec. This would be with the understanding that
the first one or two implementations of that spec may not fully support the v3
certificate extensions, maybe not even those flagged as critical.
I'm quite sure that we could all get in and debate the merits of one bit or
another in the new X.509 specification, but I think that a number of people
have already gone through a lot of that. At this point, I am willing to take on
faith the fact that the new certificate standard is reasonably sound
technically and an adequate basis for us to move ahead, just as I am prepared
to accept that the current PEM/MIME spec is technically sound with respect to
the basic MIME functionality.
I have no problem with pursuing this goal. I would prefer to see it done as a
separate specification in order to save time and reach some closure on the
matters presently before us, but I certainly would support a separate document
along these lines.
However, I think there's a very good chance that this proposal will run into
serious procedural problems. I base this assessment on previous experience with
the MIME RFC.
Specifically, the MIME work was eventually blessed by the Working Group and
advanced to the IESG. The IESG noticed almost immediately that the MIME
specification referenced a document which, at the time, was only a draft ISO
standard: ISO-8859-10. (We had already removed similar references to ISO 10646
because there was every indication ISO-10646 wasn't going to make it past
balloting, but we were under the impression that ISO-8859-10 was basically a
done deal.) We were told that substantive references to draft ISO documents
were absolutely forbidden. The only ISO documents we could reference were
actual approved standards.
I don't believe that the v3 X.509 certificate format has even been through
the ISO machinery to come out as a draft, to say nothing of making it
through the balloting process prior to becoming a standard. As such, I believe
there is an excellent chance (like 100%) that the IESG will refuse to move
any documents containing references to it along the standards track.
I think this effectively precludes a simple reference to such a document. There
are, of course, other options. One is to simply specify our own new
certificate format in a document that (surprise) happens to be the same
as what the v3 X.509 certificate looks like. Without any substantive references
the IESG probably will not have any procedural problems with such a
specification.
However, the production of such a specification is much more difficult than
the production of a simple specification that is basically nothing but
a reference to another document. This is going to take some time to do, and
time is something we don't have much of in the context of MIME/PEM.
As such, I feel that the Working Group should reach closure on the MIME/PEM
specification AND start working on a new specification that describes a
certificate format (that happens to be the v3 X.509 format) for use in PEM.
Ned