On Tue, 26 Sep 1995 11:58:23 PST, spock said:
The S/MIME effort started out with 3 goals in mind; basic security
services, strict interoperability and quick time to market. In order to
Umm.. I may have read this too quickly, and without benefit of enough
caffeine, but this read entirely too much like "Let's get a working product
that does SOMETHING out the door NOW and worry about warts later".
Is "quick time to market" really something you want in a scheme being
pushed as a "standard" way to do crypto? Seems every time I read a
book like Schneier's "Applied Cryptography", the refrain is always
"Never trust a scheme that hasn't been poked at by a lot of people for
a long time".
In my opinion, the S/MIME design discussions were no more "private" than
any early architecture discussions involving small groups of highly
motivated individuals/vendors within the IETF or anywhere else. It has
always been our intention to submit this S/MIME specs to the IETF as soon
as there is "rough consensus and working code".
Hmm.. Looking at some pages on Netscape's web server(*) it appears that
it's gone *way* past 'working code' status - they're planning to release
S/MIME to the entire planet within the next few days. This is *NOT*
the usual IETF "working code" prototype.
Valdis Kletnieks
Computer Systems Engineer
Virginia Tech
(*)
http://home.netscape.com/comprod/products/navigator/version_2.0/security.html