At 11:28 AM 9/28/95 -0400, Donald E. Eastlake 3rd wrote:
I still think you are just blowing smoke wiht all the "very powerful"
nonsense.
more powerful, yes; very powerful, no. You misquote me.
Anyway, I learned yesterday that the correct internet term for whats going on,
which I described with "referral/hypermedia model", is a "embedded secure
URL".
The business semantics we are after are these: non-repudiation, or proof of,
submission and/or delivery and/or receipt. These security services are not, to
my knowledge provided by any of PEM, multipart/MOSS, or PKCS7. A fair
attempt at some of them is provided by MSP and EDIFACT. When MSP is layered
upon a Peer Access Enforcement function at the originator, then controlled
submission is also effected. But, so Im told, thats all DoD vapourware. If
one believes in the assurances of VANs, then its also provided by EDI. In NATO
secure X.400 deployment, and probably in Nortel/Entrust products also, such
assurances are credible.
(These smokey services are defined in X.400)
RSA DSI and partners seem willing. The market is using it. applications and
working code is available. All we need is the forum to take spec to standard
based on a technical consensus process.
Are we prepared for a formal introduction?
How should this be accomplished?
Is this the right forum, or did do us all a bad service in introducing S/MIME
to pem-dev, particularly?