|
> -----Original Message----- > From: owner-ietf-smime@xxxxxxxxxxxx
[mailto:owner-ietf-smime@xxxxxxxxxxxx] > On Behalf Of Paul Hoffman > >In the > >case of two of the three above the justification given was
some variation > on > >"if these really were no good then they'd be explicitly disallowed. > Since > >they aren't, it's perfectly OK to do this". > > I'm skeptical, to say the least. If you have actual quotes of
people > saying that, fine; quoting someone third-hand through an IETF > security geek is not a good way to get accurate results. I'm with Peter on this one. I don't want to try to one-up Peter's stories (although I might be able
to), I've also seen all sorts of blunders caused by people unfamiliar with
public-key technology not understanding things that everyone on this list almost
certainly takes for granted. I'd guess that most people who have worked with
users of public-key technology for any length of time have a similar set of
stories. I've also seen people wanting to do make all sorts of crypto-blunders
to make things easier to use, more efficient, or to comply with the letter of
regulations instead of the spirit. So explicitly banning things that might qualify as such blunders is
probably a very good idea. |