FW: MIME Security with PGP

Blake Ramsdell (BlakeR@deming.com)
Tue, 23 Apr 1996 14:55:09 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Dave Crocker: "Email Security Workshop lack of followup"

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.  Contact your
mail administrator for information about upgrading your reader to a version
that supports MIME.

------ =_NextPart_000_01BB3124.DEC00350
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Some rumblings from the PKIX list about the PGP/MIME integration effort...

Blake
--
Blake C. Ramsdell
DEMING SOFTWARE, INC.
<http://www.deming.com>

>----------
>From: 	bjueneman@novell.com[SMTP:bjueneman@novell.com]
>Sent: 	Tuesday, April 23, 1996 10:37 AM
>To: 	iesg@ietf.org
>Cc: 	ietf-pkix@tandem.com
>Subject: 	MIME Security with PGP
>
>The IESG has received a request to consider MIME Security with Pretty
>Good Privacy (PGP) <draft-elkins-pem-pgp-03.txt> as a Proposed
>Standard. This has been reviewed in the IETF but is not the product of an
>IETF Working Group.
>
>The IESG will also consider publication of PGP Message Exchange
>Formats
><draft-atkins-pgpformat-01.txt> as an Informational RFC.
>
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action.  Please send any comments to the
>iesg@ietf.org or ietf@cnri.reston.va.us mailing lists by May 22, 1996.
>
>---------------------
>
>I would oppose creating such a standard, especially because it has not
>been through the normal WG processes where such proposed
>standards are carefully scrutinized.
>
>But over and above whatever technical merits or lack thereof the
>proposed standard might possess, I believe that the introduction of one
>more MIME security standard would lead to even more confusion in the
>industry as to what should be supported.
>
>There is no question that PGP is the single most popular standard for
>encryption and digital signatures in the Internet today. There is also no
>question, at least in my mind, that the whole notion of trust that is
>embedded within PGP is badly flawed, both in theory and in practice.
>
>I believe that the IETF and the IESG must rise above purely technical
>considerations and also address the degree to which a standard in this
>area will be considered (especially by those who are less than fully
>informed about the issues) to be an endorsement of the underlying
>mechanisms and technology. To my mind the incorporation of PGP into
>MIME, even though it would undoubtedly be quite popular, would send
>the wrong message and would have the effect of seriously delaying,
>and perhaps even preventing, the deployment of a high quality system
>such as S/MIME and/or MOSS.
>
>Robert R. Jueneman
>Software Engineering Consultant
>NetWareSecurity R&D
>Novell, Inc. M/S PRV-D241
>122 East 1700 South
>Provo, UT 84606
>801/429-7387
>
>

------ =_NextPart_000_01BB3124.DEC00350--

Previous message: Dave Crocker: "Email Security Workshop lack of followup"