- From: Dave Crocker <dcrocker@brandenburg.com>
- Date: Thu, 7 Nov 2002 08:39:56 -0800
- To: discuss@apps.ietf.org
Folks, The IESG is now operating with the policy that application protocols must mandate implementation of (at least one) strong security mechanism. In the case of store-and-forward, MIME-base applications this means choosing between S/MIME and OpenPGP. One of them must be mandated for implementation. (More are, of course, allowed) These standards have been around for a long time and yet the market has not yet adopted one. Hence mandating either of them goes against considerable real-world market experience -- no matter how much any of us might wish for a single market choice. I am hoping there will be some public discussion of this policy and have written: <http://www.ietf.org/internet-drafts/draft-crocker-mime-security-00.txt> to prime the discussion pump. This list seems like the best venue, since MIME and the issue of general MIME-based security do not have any other list venue. d/ -- Dave Crocker <mailto:dcrocker@brandenburg.com> TribalWise <http://www.tribalwise.com> t +1.408.246.8253; f +1.408.850.1850
Received on Thursday, 7 November 2002 11:47:34 UTC