FW: MIME Security with PGP

Some rumblings from the PKIX list about the PGP/MIME integration effort...

Blake
--
Blake C. Ramsdell
DEMING SOFTWARE, INC.
<http://www.deming.com>

----------
From:  bjueneman(_at_)novell(_dot_)com[SMTP:bjueneman(_at_)novell(_dot_)com]
Sent:  Tuesday, April 23, 1996 10:37 AM
To:    iesg(_at_)ietf(_dot_)org
Cc:    ietf-pkix(_at_)tandem(_dot_)com
Subject:       MIME Security with PGP

The IESG has received a request to consider MIME Security with Pretty
Good Privacy (PGP) <draft-elkins-pem-pgp-03.txt> as a Proposed
Standard. This has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG will also consider publication of PGP Message Exchange
Formats
<draft-atkins-pgpformat-01.txt> as an Informational RFC.

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the
iesg(_at_)ietf(_dot_)org or ietf(_at_)cnri(_dot_)reston(_dot_)va(_dot_)us 
mailing lists by May 22, 1996.

---------------------

I would oppose creating such a standard, especially because it has not
been through the normal WG processes where such proposed
standards are carefully scrutinized.

But over and above whatever technical merits or lack thereof the
proposed standard might possess, I believe that the introduction of one
more MIME security standard would lead to even more confusion in the
industry as to what should be supported.

There is no question that PGP is the single most popular standard for
encryption and digital signatures in the Internet today. There is also no
question, at least in my mind, that the whole notion of trust that is
embedded within PGP is badly flawed, both in theory and in practice.

I believe that the IETF and the IESG must rise above purely technical
considerations and also address the degree to which a standard in this
area will be considered (especially by those who are less than fully
informed about the issues) to be an endorsement of the underlying
mechanisms and technology. To my mind the incorporation of PGP into
MIME, even though it would undoubtedly be quite popular, would send
the wrong message and would have the effect of seriously delaying,
and perhaps even preventing, the deployment of a high quality system
such as S/MIME and/or MOSS.

Robert R. Jueneman
Software Engineering Consultant
NetWareSecurity R&D
Novell, Inc. M/S PRV-D241
122 East 1700 South
Provo, UT 84606
801/429-7387

<Prev in Thread]	Current Thread	[Next in Thread>
FW: MIME Security with PGP, Blake Ramsdell <= Re: FW: MIME Security with PGP, Raph Levien Re: FW: MIME Security with PGP, Nathaniel Borenstein Re: MIME Security with PGP, hallam Re: FW: MIME Security with PGP, Peter Williams Re: FW: MIME Security with PGP, Derek Atkins Re: FW: MIME Security with PGP, Raph Levien Re: FW: MIME Security with PGP, Peter Williams Re: FW: MIME Security with PGP, Harald . T . Alvestrand Re: FW: MIME Security with PGP, Peter Williams

Previous by Date:	remove from list, Andrew Leventhal
Next by Date:	FYI: comments on adoption of PGP/MIME standard, Jeff Cook
Previous by Thread:	remove from list, Andrew Leventhal
Next by Thread:	Re: FW: MIME Security with PGP, Raph Levien
Indexes:	[Date] [Thread] [Top] [All Lists]