Re: Remote validation servers

On Mon, 25 Sep 1995, Peter Williams wrote:

Its different because most security multipart messages will be signed in 
their
entirety. There is no reason to do otherwise. This contrasts sharply with
S/MIME, where most if not all messages are destined to be in some variant of
this peculiar format, where servers will have no choice but to deal with a
mixed semantic bag.


Freed and Crocker have both expressed community concern that S/MIME was
developed outside
the IETF framework. There was no choice under the friendly rules we all
follow here; the
MOSS activity within PEM-WG actively reached consensus that IETF standard's
activity on more
powerful security semantics should be avoided until the IETF can first get
MOSS through
to at least RFC status.


What "more powerful security semantics"?

It is true that S/MIME exploits more powerful abstractions than MOSS - being
designed
to be part of a protection system covering upper-layer referral/hypermedia,
versus
classical comsec, communication models.


I can't make anything out of the above statement except possibly that
it is a buzzword laden piece of marketing hype.

The S/MIME properties have been shared widely with the software industry by
RSA DSI.
If the rules of this group can be changed, then it would be appropriate to
review S/MIME
in its entirety. Are we willing to withdraw the request to promote MOSS to
RFC status
in order to pursue S/MIME integration? Given the linkage with the v3 
certificate
key management framework, this will take a long time, based on previous
experience
with this list!


There isn't any reason to stop the progress of MOSS to consider other
possibilities under MIME security multipars.  A PGP draft just came out.
And I don't see that this has much to do with v3 certs.

Personally, Im torn on such a question. Do we publish a MOSS RFC which is (in 
my
own personal view) too late for the messaging industry's technology
migration curve,
or do we delay yet more?


I don't see an either/or decision.

Peter.


Donald
=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee(_at_)cybercash(_dot_)com
   318 Acton Street        +1 508-371-7148(fax)     
dee(_at_)world(_dot_)std(_dot_)com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Remote validation servers, Peter Williams Re: Remote validation servers, Ned Freed Re: Remote validation servers, Donald E. Eastlake 3rd <= Re: Remote validation servers, amanda Re: Remote validation servers, Ned Freed Re: Remote validation servers, Jeff Thompson Re: Remote validation servers, amanda Re: Remote validation servers, Peter Williams Re: Remote validation servers, Donald E. Eastlake 3rd Re: Remote validation servers, Wurtis Re: Remote validation servers, Ned Freed Re: Remote validation servers, Peter Williams Re: Remote validation servers, Donald E. Eastlake 3rd

Previous by Date:	Re[2]: S/MIME, spock
Next by Date:	Re: Remote validation servers, Peter Williams
Previous by Thread:	Re: Remote validation servers, Ned Freed
Next by Thread:	Re: Remote validation servers, amanda
Indexes:	[Date] [Thread] [Top] [All Lists]