While it is probably true that all of the bandwidth consumed by a
small group of individuals on this group within the past few
months has been well-intentioned, I would like to urge the chair
to move forward with a version of the MIME/PEM draft RFC which
serves the intent of the original PEM specifications based on RSA
and a certificate hierarchy of trust.
I have read all of the postings and have found many to be incon-
sistent and very confusing. While I do NOT claim to understand
all of the technical issues, I am not convinced that holding back
the RFC while trying to integrate PGP into the RFC is appropriate
or necessary.
In the past few years, I have designed and managed the implementa-
tion of the first and largest of the EDI-over-Internet projects
(recently passed the 3 million transactions level of X12-in-SMTP
involving over 1,800 companies and 8 VANs). But, because of the
urgent need for integrated MIME/EDI/PEM capabilities and an in-
frastructure for key management, I have delayed using standard PEM
within my systems.
At the January '95 RSA Data Security Conference, it was clear that
the commercial market is ready now to support a wide variety of
RSA-based products, and the software key-escrow approach proposed
by Trusted Information Systems is a well-thought-out plan for key
management. I believe it is now time to get on with publishing the
long-awaited MIME/PEM RFC.
If there is something specific I can do to help accelerate closure
on the MIME/PEM draft RFC, I would like to be advised.
======================================================================
Robert E. Frank, Lawrence Livermore National Laboratory
======================================================================