pem-dev

keyid, and privacy, and interworking

1995-01-01 04:06:00

During this final call, I call for the removal of all text and protocol
specification, grammars, and procedures from the MIME/PEM spec
concerning the much discussed "keyid" notion. This call does
not imply that I object to the introduction of MIME/PEM into
the stds track. However, it does state the areas of major concern
which ought to prevent the specification as
currently formulated from proceeding very far in the std. protocol process
without appropriate revision.

Jeff, contrary to your assertions, I do not support the notion of
keyid in PEM. I believe it runs contrary to the notion of a standard
privacy service based on RSA Key Exchange, as currently formulated.

Text and comment have been received which indicate that

(1) UA PEM procedure functionality will be required to handle key
management, rather than certificate management. This is a fundamental
change which has ramifications of introducing conceptual and
interactive complexity beyond the capability of the average user to
handle without exposing him or herself to significant risk of
being spoofed during key distribution, and all subsequent PEM privacy
enhancements.

(2) UA PEM procedures will be required to track on a per-recipient
basis the state of and procedures used in previous key distribution
interactions. This is a fundamental change which has ramifications of
introducing unscalable and untrackable key management over the life
cycle of user-user communication and re-keying policies; and,
introduces high risk of disclosure of encrypted content to masquerading
parties through the vulnerabilities introduced in the re-authentication
procedures of keying material to be used during RSA key exchange procedures.

(3) no facility has been specified which facilitates the revocation of
keying material distributed using authenticated or unauthenticated
channels. A fundamentally incomplete identity protocol is therefore introduced.

(4) a recipient of a forwarded signed message may be in a position of
being required to establish out-of-band contact with the originator in
order to establish an authenticated channel over which to
receive keying material necessary to validate message origin. Name form
cases exist in which no communication details are ever available,
preventing third-party re-authentication of the originator's claimed
identity. This introduces ramifications for the anonymous origination
usage mode of PEM, in which it is not always the case that a given
message stream can always be proven to originate from a given party.

In summary, I find the proposal quite horrendous in essence, when RSA
is used as the key exchange algorithm. In the absence of discussion of
alternative key exchange algorithms suitable for a store-and-forward
key exchange system based on key management, rather than certificate
management, I find the general notions contrary to the goal of
providing standard privacy services.
