Actually, I am delighted to hear you say that. If I were convinced that were
true beyond any reasonable doubt, I wouldn't be nearly so nervous about
supporting alternative structures such as the bare key option, as I would
suspect their usage would wither and die, and not be a problem. But I very
much
doubt that you have a concensus on that point with your co-authors, Ned and
Jim
having been extremely dogmatic about the general un-workability of the
certificate structure, the difficult of getting it started, etc. At least a
year ago I was beginning to have some serious doubts as to whether
public-key
cryptography was ever going to get out of the starting blocks, but recently
things are looking up. if you could convince Ned and Jim or your point of
view,
perhaps they wouldn't be arguing so hard! :-)
Once again you appear to have a major misunderstanding of my position. Whether
or not this is intentional I cannot tell, but the consistency with which you
attempt to twist things around has finally worn through.
Ned, if I have misunderstood your position on this issue, I am delighted to be
corrected. Perhaps I was misreading some of the points that you (most
recently), Jim, and Steve Crocker and a few others have consistantly made about
their view as to the general unworkability of the PEM certificate
infrastructure, and the necessity of supporting various alternative forms
because PEM is "broke," a "nonstarter", etc.
I will once again attempt to correct you on these points, but this will be
the last time.
I am not opposed to certificates. I would not have spent hundreds of hours of
my time working on implementing them if I were opposed to them. (I cannot even
begin to imagine the time and effort Jim and Sandy have put into
certificate-based schemes, so labelling them as opposed to certificates is
nothing short of ludicruous.)
I do not believe that certificates are unworkable. I believe that they are
quite workable. In fact I believe they are essential, and that's why I feel
obliged to support them one way or another.
I am very, very glad to hear this. This is the most positive statement on the
subject that I have yet heard on the subject from the PEM/MIME authors.
I have not beem dogmatic at all about any of this. My views have in fact been
modified numerous times by many contributors to this discussion, as I have
stated in previous messages. Frequently my views have changed in ways that
have
resulted in actual specification changes.
I have also been flexible in acceding to the wishes of various members of this
group, even when I felt that they were in fact completely wrong.
The only person who's being dogmatic here is you, and part of your dogma seems
to be your continued misunderstanding of what we're trying to accomplish.
I would request that my previous message, which I had intended to send
privately to Amanda but accidentally sent to the entire list, be viewed in the
context of the unfortunate on-again, off-again series of messages that we
exchanged. After reviewing the entire sequence, I can see where I got off the
track, and I hope that you can understand. The spirit of the message was to
express a certain amount of frustration, but also to enquire what possible room
there mght be for trying to come to an acceptable compromise. I think that the
number of alternatives that I have tried to explore with you suggests my
willinglness to compromise on many of these points in an effort to reach a
concensus.
What I do believe is that the present certs-or-nothing scheme is unworkable in
far too many cases. It raises the point of entry for PEM services to a point
many people cannot reach. This is the problem we're trying to solve.
I will agree to disagree with you on this point. It might have been a year ago,
but I am not convinced that it is true now. That does not mean that I am
completely dismissing all of the difficuties involved, or the possibility of
offering those suers some other forms to use to get started.
We need a means of bootstrapping widespread PEM services into existance
without
depending on nonexistant infrastructure and forcing people to make selections
and choices that at the outset they lack the knowledge to make, lack the
experience to make, and lack the reason and justification to make. Forcing
people to make choices that result in poor configurations may in fact result
in
major security problems.
We do this in MIME/PEM by providing non-cert-based services based on existing
infrastructure that people can easily set up and use. Once this is in place
and
people are basically familiar with the services (and this is a major step for
most people) the general utility of certs will become qpparent. If it doesn't
either we haven't done our job properly or else we have incorrectly assessed
the utility of certs from the outset.
I would have preferred to implement a simpler, direct-trust model using
self-signed certificates, in the interest of parsimony, as Amanda calls it.
Hover, although parsimony may have substantial merit in the assessing the
overall security of the system, to a significant degree it is an implementors
call. If you feel that strongly that it is preferable to implement two
different models rather than use only one, I suppose I should honro those
feelings. I just wish you weren't quite so adament about not even considering
marking thoe controversial sections as implementatation options, in case future
implementors might not agree with you.
And once people realize what certs bring to the table they can upgrade their
configurations without installing any new facilities. They can do this slowly
but surely and without breaking any existing applications. The serious ones
that seek widespread deployment of these services and who wish to minimize
their long-term management headaches will inevitably cut over to pure
cert-based service.
This is a much more positive outlook than I had previously ascribed to you. I
had the impression that most, if not all of the PEM/MIME authors had a much
more pessimistic view. I am quite ahppy to be corrected.
The only alternative that has been presented is to use self-signed
certificates. But there are two major problems with self-signed certificates:
(1) All you get rid of is some of the infrastructure requirement, so the
resulting point of entry is still far too high.
I don't think agree at all, but I'm willing to take this particular issue off
the table, at least for the purpose of the present discussion. Either offline
or online I'd like to discuss with you exactly what your views are with regard
to a desirable or acceptable distinguished name, for I simply don't understand
your point of view.
(2) Use of self-signed certificates makes the actual benefits of certificates
very confusing. In the present MIME/PEM scheme certificates and their
associated infrastructure clearly provide a quality of service that
non-cert
schemes do not, and allow implementation of policies that non-cert
schemes cannot support. But if you use certs to provide the lower level of
service people will not be clear one what the benefits of certificates
really are.
This is a fairly compelling argument. I think what it really comes down to are
the details of the implementation -- what is said in the reference manual and
the help screens, and what kinds of warnings, etc, may be displayed in various
circumstances. I had hoped that a direct trust, self-signed certificate would
have been flagged in such a way as to make these limitations (if any, depending
on your point of view and who you got the certificate from) perfectly obvious,
but these are implementaton details that perhaps cannot be specified in a spec.
As you suggest, at least the non-cert schemes should be obvious by their
syntax, etc.
Ned's recent discussion and understanding of distinguished names is so far
apart from my own, and I think most of the rest of this WG, that I really
wonder how we got this far along in the discussion. It would seem that we
have
been on separate planets.
You seem to have the option of living in the clouds. I do not. I have to have
something here that not only can I implement and sell, but that people can
actually set up and use. It is the latter that I worry about.
That's the only difference in locale that I see here.
I have been working on the issue of what constitutes a "good" distinguished
name for three years or more, both in this forum, the American Bar Association,
and the ANDF (more recently). In addition, we are presently evaluating whether
a public offering of X.500 would be a good busienss for GTE to go into, at
least from the technical perspective. so I don't think I have my head in the
clouds, nor in a darker locale. for you to suggest that a personal name
(commonName) is not appropriate for use in a DN is far from the normal
assumption.
On the other hand, we have been learning that there are a number of less than
obvious privacy concerns, etc., that might influence the choice of a DN a
non-monoply X.500 directory service provider environment, and perhaps these
need to be explored. I have recently begun to rethink my postion on what out to
be in a DN once we get to v3, and would welcome the opportunity to discuss this
with you in a clamer, longer-term environment.
Let me also say that I think there is an excellent chance that MIME/PEM will
fail, although for none of the reasons you have ever mentioned. For one thing,
we are very very late in this endeavour. There are already other formidable
players in this game that we have to confront, and there is no clear
indication
that we will win. And for another, it is not beyond possibility that I am
wrong
in my assessment that certificates as currently specified are an essential
service that people really need. If they aren't this whole effort is going
to die.
It's not clear to me who those formidable players are, or that we are
necessarily opposed to them. X9 and X12 have their constituencies in the
banking and EDI community, but they haven't yet come close to fielding an
effective, broad-based system.I am beginning to think that there is a real
possibility of PEM and PGP converging, and ultimately I think PEM and PKCS will
converge as well. DMS has a substantial follwing, in particular because Lotus
and Microsoft cannot afford to ignore those opportunities, but it seems
somewhat unlikely that everyone is going to embrace the Tessera cards after the
Clipper chip controversy.
I understand that from the standpoint of a developer who is always striving to
be 1 to 2 years ahead of the ordinary user, the PEM/MIME spedc may seem to be
awfully late. But my sample of most business users indicate that they are just
beginning to even think of using MIME seriously, and they are waiting
(patiently) for commercial-quality implementations to arrive so they can start
using digital signatures.
I've ben trying to do this kind of stuff for 10 years, and I get a little
frustrated, but I think the gernal public is just beginning to be receptive to
the entire notion. In general, I think that the user community is still waiting
for that killer application to put encryption and digital signatures on the
map.
Electronic mail, with or without MIME, may or may not be that killer
application -- it's hard to predict. My own view, at least up until November
8th, was that it would be health care benefits and insurance claims filing, but
now I don't know. Ask Newt or Hillary (Hillary who?)? :-)
However, although I might disagree with him from time to time, Ned is
obviously no dummy, and I will take the time to read what he has said
carefully
and try to respond equally carefully. Hopefully one of us will end up
educating
the other, or perhaps both of us will learn something. I will say that if
those
are his perceptions as to what a distinguished name ought to look like, no
wonder he has trouble building a certificate structure! I don't think I
could
either, given his self-imposed constraints.
This message is the final straw for me. Your continued misunderstanding and
misrepresentation of my position, despite a multitude of attempts on my part
to
correct you on literally scores of points, leads me to the unfortunate
conclusion that this entire discussion has been completely pointless. You
have brought it full circle, and are now ascribing to me the same incorrect
set of beliefs that we started with. Having come full circle, I see no reason
to continue.
I understand that you are frustrated, but I would have to disagree with the
misrepresentation business. I have been trying to address positions taken by
your and/or your co-authors for over a year or more. If I have confused yor
particular position with that of one of your co-authors, I apologize. I also
have been frustrated by what I have considered to be rather specious arguments
regarding the impossibility of implementing a certificate-based infrastructure,
and instead of citing particular problems and/or addressing ways of getting
around those issues, all I have heard is a restatement of your (collective)
belief that classic PEM has been, and perhaps still is, a nonstarter, and that
all of the alternative approaches have been equally flawed.
However, the amount of debate on this subject has become excessive on both
sides, and I ( and I suspect you) can no longer afford to devote this amount of
time to the argument. I have made my concerns known, and others will have a
chance to express their views as to a technical concensus.
However, before you flame, please read the following message to Amanda.
Bob
--------------------------------
Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
FAX: 1-617-466-2603
Voice: 1-617-466-2820