its becoming clear to me that the trend by the ISVs for security handling
is going against communications designs, into info stream designs.
In this cryptic comment (and, apparently, this is a professional, internet
thing to do) I mean that for a for a word/excel/foo document type, that
an (networked) OLE server can perform the privacy-enhancement facilites
(using
Peter, I _think_ I catch your drift, and I _think_ I agree, but it would be
helpful (even at the expense of being a non-cryptic, non-internet
professional?) if you would elaborate on this somewhat. I also think that this
would have beeen an interesting subject to discuss at the IMC meeting, which I
unfortunately could not attend.
It is becoming clearer that web usage (basically a pull model) may eventually
overtake e-mail (a push model) for many kinds of communications, perhaps
especially lists such as these. In any case, I'd like to have the ability to
send only the name/reference of a document to someone, alerting him with a
"Hey, check this out", and have the user retrieve it when and if he feels like
it. I know some of my mail messages are too long for some (many?) peoples
taste, but they pale in comparison to someone who sends me a unsolicited 500K
or 1.5MB Postscript file. And it always seems to happens when I am on the road,
using a hotel's phone system that likes to limit modems to your basic
tom-tom/smoke signals baud rate.
To the best of my knowledge, none of the available e-mail systems directly
support such a usage, and the last time I checked Ned Freed indicated that MIME
didn't have all of the pieces in place to support such a reference to a signed,
perhaps encrypted external document.
In fact, I'm not even sure whether signing or encrypting of an HTML document is
well-defined, especially to the extent that it includes links to external URLs.
I'm almost certain that the hooks necessary to include a message digest of the
linked-to document within the linking document aren't there. This is
independent of whether any of the available browsers would support the
signature validation and/or decryption.
It seems to me that we need to make progress on two fronts -- first the
definition of an extended, multimedia object that not only can directly contain
multiple parts, but can also securely reference external documents or document
parts via a secure embedded URL.
Once we have the basic information architecture/structure defined, then we can
talk about how best to transport it, whether via e-mail, OLE, etc.
Bob
Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
1-617-466-2820
Jueneman(_at_)gte(_dot_)com
"The opinions expressed are my own, and may or may not agree
with the official position of GTE, if any, on this subject."