- From: Richard Shockey <rshockey@ix.netcom.com>
- Date: Thu, 07 Nov 2002 14:39:58 -0500
- To: Dave Crocker <dcrocker@brandenburg.com>, discuss@apps.ietf.org
At 08:39 AM 11/7/2002 -0800, Dave Crocker wrote: >Folks, > >The IESG is now operating with the policy that application protocols must >mandate implementation of (at least one) strong security mechanism. In the >case of store-and-forward, MIME-base applications this means choosing >between S/MIME and OpenPGP. One of them must be mandated for >implementation. (More are, of course, allowed) > >These standards have been around for a long time and yet the market has not >yet adopted one. Hence mandating either of them goes against considerable >real-world market experience -- no matter how much any of us might wish for >a single market choice. > >I am hoping there will be some public discussion of this policy and have >written: > > <http://www.ietf.org/internet-drafts/draft-crocker-mime-security-00.txt> > >to prime the discussion pump. This list seems like the best venue, since >MIME and the issue of general MIME-based security do not have any other list >venue. > >d/ I'd certainly like to second Dave's thoughts here but for a different reason. Mandating MIME Security IMHO is potentially harmful since the IETF has been unable or unwilling to tackle the underlying problem of application specific opportunistic key discovery service which could make S/MIME or PGP easier to use. This was the general thrust of the siked BOF in Minneapolis, that as many of us remember, did not go well. Now the Security AD's have permitted a BOF in Atlanta on the narrowly scoped problem of IPSEC keys [ ipsedkey ] on Tuesday afternoon. This is fine .. we all believe that narrowly scoped problem statements lead to WG success, tackle the small problems first before the bigger ones. I would again suggest the that general problem has not gone away and must eventually be addressed. I submit the two issues are linked. A number of us have submitted personal ID' touching on the subject. Title : Using DNS to securely publish SSH key fingerprints A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-secsh-dns-01.txt Title : Domain-based Application Service Location Using SRV RRs and the Dynamic Delegation Discovery Service (DDDS) A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-daigle-napstr-01.txt Title : Use of the DDDS System for Cryptographic Key Discovery and Retrieval A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-shockey-ddds-pki-00.txt >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Richard Shockey, Senior Manager, Strategic Technology Initiatives NeuStar Inc. 46000 Center Oak Plaza - Sterling, VA 20166 Voice +1 571.434.5651 Cell : +1 314.503.0640, Fax: +1 815.333.1237 <mailto:richard@shockey.us> or <mailto:richard.shockey@neustar.biz> <http://www.neustar.biz> ; <http://www.enum.org> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Received on Thursday, 7 November 2002 22:08:43 UTC