If we
had simply replaced RFC 1421 with an enhancment to add security to
MIME body parts, I think that the result would have been met with
acclaim.
The MIME/PEM proposals, by my reading of them, do exactly this. They provide
an alternative representation of the same things that RFC 1421 can
represent. They also provide the mechanism for a superset of the policies
in RFC 1422, but I again am strongly in favor of separating policy from
mechanism.
I understand that from a vendor's perspective, adding additional features and
ways
of doing things sounds like an offer no one could refuse. But from a security
perspective, adding new or different ways of doing things can _significantly_
impact the level of assurance that is provided to the user. The security
policies
that were embedded in classic PEM were carefully thought out, argued, and
debated
at length by a number of people with extensive experience in this area. The new
specs (and here I am talking almost exclusively about the key/certificate
management aspects) abandoned those principles and adopted new ones. But
instead of
giving solid justification for the new approach, the new spec is a delta off the
old one, with little if any consideration given to the impact. My concern is
that
we end up with something that is not nearly as simple and easy to understand as
PGP, nor as (reasonably) secure as classic PEM -- ie., the worst of both worlds,
rather than the best.
Alternately, we could have fixed some of the problmes that
were slowing down the adoption of PEM, and that also would ahve been
well received.
This seems, in fact, to have been the motivation for MIME/PEM in the first
place.
I don't think that it was the absence of MIME features that was blocking PEM.
The
problems were much simpler than that, and more easily fixed.
Unfortunately, instead of adopting that rather simple solution
and preserving all of the work that had been done to date, some of
the folks at TIS decided to combine all of the benefits of
southern efficiency and northern charm (can your beer do this?) into
one indigestible system with flaws that are now perceived as
rather serious, at least to a significant portion of the user community.
I don't quite see it this way. I see an attempt to actually build something,
only to be confronted by a wall of "Not Invented Here." TIS deserves a lot of
credit, in my book, for actually building what they are proposing. We can all
want whatever we like, but someone has to put fingers to keyboard and write
the software. And right now, my impression is that the people who are willing
to do so (me, Ned, Jim, etc.) are being blocked by people who want us to build
their personal castles built in the air instead.
Perhaps not too surprisingly, I see the same set of facts somewhat differently.
My
group and others had a fair amount invested in PEM code and supporting
infrastructure. In addition, there are a number of commercial offerings that
have
either been released or are quite close to being released, although some have
adopted the PKCS model with its extended certificate rather than the more
limited
PEM model. Many of us were working very hard to build up the various legal and
other infrastructure tools to make the public key infrastructure a reality,
only to
have a project that was partially funded by the USG decide to go off and do
things
theri own way.
No offense meant to anyone here, but I find this *extremely* frustrating.
It should be painfully clear by now that there is an ample amount of
frustration on
all sides -- enough to go around several times!
It is also unfortunate that it is those large customers who are
most likely to benefit from the use of complex MIME structures for
moving forms and electronic doucments around, rather than the AOL
newbies would wouldn't be willing to pay for commercial quality
services in any case.
It's those AOL newbies who are the biggest market for the services we're
discussing. EDI will trundle on its merry way even if we don't come to
closure, as will the Post Office (who'll probably ignore the Internet
altogether and decide that X.400-84 is the One True Way), and so on.
No, the EDI community is greatly interested in finding a set of common
solutions.
They don't want to reinvent the wheel. And the Post Office is going into
business
to sell certificates to whomever wants them. They will want to sell what their
customer's want, but they are large enough to signficantly affect those wants.
It's the mass market that will be affected by what we do here more than any
other community.
It is certainly not my place to tell you what your market is. but I might
observe
that GTE has approximately 90,000 employees, many if not most of whom have
computers and send e-mail, if only to coordinate which telephone pole they are
going to climb next. Last time I looked, Motorola had a few people working for
them, too. And certainly NASA and the USG, whose viewpoint Peter is trying to
represent (or lead, more likely). Bellcore and similar companies are not tiny,
either. (You might ask the Intel/Pentium folks who carried the most weight in
forcing them to turn around their position.)
But if this were to turn out to be a large customer/small customer issue and we
only ended up serving a portion of the overall user community, I would be very
disappointed. I certainly hope that we can come up with a compromise that
satisfies
the vast majority of the potential users, and does so without impacting the
vendor
community too badly. In short, I want your/Jim/Ned's products in the
marketplace,
and I want them to succeed. I'm not building products to compete with yours,
except
as may be required to demonstrate the feasibility in an R&D sense.
Vendors such as you and Ned would therefore seem to be on the horns of
a dilemma -- you have presumably invested substantially in a product
that doesn't seem to fit either marketplace terribly well.
Right now, the biggest hole in our products are security services. That's why
I am spending hours at a time reading pem-dev and trying to contribute to
getting a proposed standard in place. I am not doing this because I like to
see my own words come up on my screen.
I certainly appreciate that fact, and I assure you that I feel likewise.
Contrary
to what some might think, I don't get paid by the mega-word, and within GTE I
probably get more flack than praise for the effort expended.
Is it absolutely too late to try to turn back the clock, salvage
the excellent work done in the MIME area, and graft it back on to
an mildly extended RFC 1422 certificate-based processing scheme along
the lines I sketched above?
Well, we could nuke the new key management stuff, endorse self-signed
certificates as an alternate security model, and leave the rest unchanged. I
would have no problem with this.
That would satisfy at least 95% of my concerns. The result might not be
absolutely
perfect, but would certainly constitute a solid basis for further development,
should that be needed.
The clock is ticking, though.
I understand. Mine started ticking at 5:30 this morning, well before I normally
get
up, and I've been sitting at the keyboard for the last 14 hours doing nothing
but
this. I'm equally sure that you, Ned, and others have been similarly occupied,
unless you can read and type a lot faster than I can. :-) Hang in there -- I
think
we are beginning to converge.
Regards,
Bob