From: Jueneman(_at_)gte(_dot_)com
Date: Wed, 04 Jan 1995 16:39:31 EST
I was lying awake last night and this morning trying to think about how to
phrase
my objections nicely, but you've said it perfectly. If we had simply
replaced RFC
1421 with an enhancment to add security to MIME body parts, I think that the
result
would have been met with acclaim. Alternately, we could have fixed some of
the
problmes that were slowing down the adoption of PEM, and that also would
ahve been
well received.
That's what MIME/PEM is! It also includes additional key management
facilities that go beyond what 1422 offers, and that seems to be where
people get heartburn.
If you have an implementation that wants to only implement the RFC 1422
subset under MIME/PEM, there's nothing in the MIME/PEM draft, by my
reading, that would prohibit this. (This is modulo the key selector
issue --- the key selector issue means that you have to store one
additional bit of information in your X.500 directory, but X.500
directory are supposed to be the best thing since sliced bread, and
they're flexible enough to handle this, right?)
If you only implement the RFC 1422 subset, then of course you have a
interoperability problem, but if someone is sending you a message that's
outside of your strict hierarchy, you don't *want* to interoperate with
them. After all, you've decided you only want to communicate with
entities that can be proven (up to a liability of $X million dollars)
came from a specific human being that you can sue.
If you implement the whole shebang, then you can accept messages from
both people in the strict hierarcy, *and* people who decided that a
looser, Volksmail approach is acceptable for their requirements.
What's the problem?
- Ted
P.S. Please, everyone, let's remember that if we elevate MIME/PEM, it's
to a *proposed* *standard*. We're allowed to change proposed standards.
We're allowed to deprecate them later on, even. Vendors who ship
proposed standards as products have no standing to gripe if we change
things later on, especially if we have a good reason --- that's the
definition of proposed standard. I think we're setting bar unreasonably
high for MIME/PEM.