On Thu, 28 Sep 1995, Peter Williams wrote:
At 11:28 AM 9/28/95 -0400, Donald E. Eastlake 3rd wrote:
I still think you are just blowing smoke wiht all the "very powerful"
nonsense.
more powerful, yes; very powerful, no. You misquote me.
See below a copy of your message of Tue, 26 Sep 1995 16:54:03 where
you use the exact words "very powerful". I do not misquote youa as
everyone who is on this list or is willing to look at the list
archives knows.
Anyway, I learned yesterday that the correct internet term for whats going
on,
which I described with "referral/hypermedia model", is a "embedded secure
URL".
The business semantics we are after are these: non-repudiation, or proof of,
submission and/or delivery and/or receipt. These security services are not, to
my knowledge provided by any of PEM, multipart/MOSS, or PKCS7. A fair
attempt at some of them is provided by MSP and EDIFACT. When MSP is layered
upon a Peer Access Enforcement function at the originator, then controlled
submission is also effected. But, so Im told, thats all DoD vapourware. If
one believes in the assurances of VANs, then its also provided by EDI. In NATO
secure X.400 deployment, and probably in Nortel/Entrust products also, such
assurances are credible.
(These smokey services are defined in X.400)
Yes X.400 has some receipt features. But I can't see what in the
world that has to do with "embedded secure URL" or what that has to do
with "embedded HTML" for "controlling UI behavior" or in what way or
sense you are embedding HTML in v3 certs as you said you were doing.
PEM, MOSS, PFP, RFC822, and S/MIME, as far as I can tell, all relate
to the structure of messages. They have nothing to do with "proof of
summission and/or delivery and/or receipt" and never tried or claimed
to provide such services. What you now seem to be talking about would
be at the SMTP level or equivalent.
What is your purpose in spewing out this nonsense littered with buzz
word where your target seems to change with every message? I think
one thing you are doing is convincing most people on pem-dev that you
don't have the faintest idea what you are talking about.
RSA DSI and partners seem willing. The market is using it. applications and
working code is available. All we need is the forum to take spec to standard
based on a technical consensus process.
What "it" are you talking about here? S/MIME? If so, as I say, it
doesn't seem to have anything to do with your latest claim as to what
you are talking about ("proof of summission and/or delivery and/or
receipt").
Are we prepared for a formal introduction?
How should this be accomplished?
If you wanted S/MIME considered, I would start by submitting an
Internet-Draft describing it along with a commitment to surrender
change control to the IETF.
Is this the right forum, or did do us all a bad service in introducing S/MIME
to pem-dev, particularly?
You are certainly doing a bad service. Get someone who knows what
they are talking about to give it a try.
Donald
=====================================================================
Donald E. Eastlake 3rd +1 508-287-4877(tel) dee(_at_)cybercash(_dot_)com
318 Acton Street +1 508-371-7148(fax)
dee(_at_)world(_dot_)std(_dot_)com
Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA)
=============================================================================
Received: from relay.tis.com by neptune.TIS.COM id aa12682; 26 Sep 95 19:54 EDT
Received: from rosetta.verisign.com(204.162.64.10) by relay.tis.com via smap
(g3.0.1)
id xma008742; Tue, 26 Sep 95 19:38:21 -0400
Received: from dustin.verisign.com (Gateway-Outside.Verisign.COM
[204.162.64.20]) by rosetta.verisign.com (8.6.12/8.6.12) with ESMTP id
QAA00376; Tue, 26 Sep 1995 16:56:13 -0700
Received: from peter ([192.42.157.77]) by dustin.verisign.com (8.6.12/8.6.12)
with SMTP id QAA10480; Tue, 26 Sep 1995 16:56:34 -0700
Message-Id: <199509262356(_dot_)QAA10480(_at_)dustin(_dot_)verisign(_dot_)com>
X-Sender: peter(_at_)dustin
X-Mailer: Windows Eudora Version 2.1
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 26 Sep 1995 16:54:03 -0400
To: "Donald E. Eastlake 3rd" <dee(_at_)cybercash(_dot_)com>
From: Peter Williams <peter(_at_)verisign(_dot_)com>
Subject: Re: Remote validation servers
Cc: pem-dev(_at_)TIS(_dot_)COM
Donald:
What "more powerful security semantics"?
...
Donald:
And I don't see that this has much to do with v3 certs.
Here we disagree, Donald. The embedding of HTML (or the mime content-type
conveying HTML explicitely or by referral) in v3 certs is very powerful
means of controlling UI behaviour indeed.
Peter.
======================================================================