In my opinion, MIME Security with Pretty Good Privacy (PGP) should become
an Informational RFC, not a Proposed Standard RFC. There are several other
alternatives including S/MIME and MSP-MIME. None of these protocols have
been developed in the IETF. If any of these is to become a Proposed
Standard RFC, I think the process should involve an IETF working group.
Being developed in the IETF process is not a precondition to becomming a
standard. The issue is one of change control. Stopping a company from
developing
a proprietary technology and then getting the IETF to standardize it. S/MIME
was
developed by RSA at a time when PEM was the IETF solution and PEM was not a
success.
I would support the formation of a Working Group to select a standard MIME
security solution. However, as I am use you are aware, the IMC has been
trying to perform a comparison if the various approaches, and consensus is
difficult.
I think that this role is for the market to decide. What could the working
group
possibly contribute to a standard? IETF process is for developing standards,
not
selecting standards for others.
When the IESG got involved in the IP-V6 shakeout they were selecting between
partially developed research proposals trying to solve a pressing problem. they
were not attempting to select which of a number of deployed solutions should
become the dominant one.
Phill.