[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What this WG is doing

To: Adam Back <aba@xxxxxxxxxxxx>
Subject: Re: What this WG is doing
From: "John W. Noerenberg" <jwn2@xxxxxxxxxxxx>
Date: Wed, 29 Oct 1997 00:40:44 -0800
Cc: iang@xxxxxxxxxxxxx, rodney@xxxxxxxxxxxxx, ietf-open-pgp@xxxxxxx
In-reply-to: <>
References: <> (message from Ian Grigg on Tue, 28 Oct 1997 15:02:30 +0000)
Sender: owner-ietf-open-pgp@xxxxxxx

At 10:39 PM +0000 10/28/97, Adam Back wrote:
>Ian Grigg <iang@xxxxxxxxxxxxx> writes:
>> Rodney Thayer wrote:
>> > >From: lutz@xxxxxxxxxxxxxxxxxxx (Lutz Donnerhacke)
>> > >IMHO: We can't document features or bugs made by a company while we are
>> > >working on the draft. We can't document bugs as features. Several
>> > >implementation flaws of PGP 5.x must be cleared in this draft.
>> >
>> > Exactly what flaws of PGP 5.x that manifest themselves as aspects of the
>> > message format are you referring to?
>>
>> Anything to do with CMR.  This issue is well documented elsewhere,
>> elsetime, so I won't repeat it here (let me know if I should summarise).
>
>Seconded -- no CMR.
>
>Experimental new features should be implemented outside the standard.
>IETF is supposed to document current practice, not bleeding edge
>experiments of one vendor -- standards lag behind, and that's the way
>it should be.

In general this is not correct, Adam.  There are numerous examples of
experimental work done within the IETF.  Good current examples include
multicast protocols, and IPv6.

However, our goal is not to go too far afield with PGP.

Clearly CMR is a contentious issue within this group (and elsewhere).
Rightly or wrongly, there is a perceived need for it by some who
nevertheless wish to encourage greater use of cryptography to protect their
organization's communication from others.

My view is that the protocol we produce should never mandate CMR.  But it
would be wise to document a means to implement it for those willing to risk
potential limitations on their interoperability with others.

So far, I see arguments on both sides of the issue.

>
>It is possible to implement functionality extensions interoperably
>outside the standard in that a proprietary extension can be used only
>for communications between so enabled software.  The same kind of hack
>to distinguish recipient type can be used as is currently used to
>distinguish between things like pgp2.x, cryptix2.2.2 and pgp5.x -- the
>keys have different version numbers.

We're not that far apart in our attitude here.

john  w noerenberg, ii
jwn2@xxxxxxxxxxxx
pager: jwn2@xxxxxxxxxxxxxxxxxx
  --------------------------------------------------------------------
  "The great man is he who in the midst of the crowd keeps
   with perfect sweetness the independence of solitude."
  -- Ralph Waldo Emerson, "Self Reliance", 1841
  --------------------------------------------------------------------

Follow-Ups:
- Re: What this WG is doing
  - From: Adam Back

References:
- Re: What this WG is doing
  - From: Ian Grigg
- Re: What this WG is doing
  - From: Adam Back

Prev by Date: Re: What this WG is doing
Next by Date: HTTP key lookup request and Host: (was: Re: key server lookup protocol?)
Previous by thread: Re: CMR/ARR and OpenPGP (Re: What this WG is doing)
Next by thread: Re: What this WG is doing
Index(es):
- Date
- Thread