[8202] in cryptography@c2.net mail archive
Re: Is PGP broken?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Dec 5 01:07:47 2000
From: "Steven M. Bellovin" <smb@research.att.com>
To: pgut001@cs.auckland.ac.nz
Cc: cryptography@c2.net, em@who.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 04 Dec 2000 20:06:13 -0500
Message-Id: <20001205010614.EC8A435DC2@smb.research.att.com>
In message <97594473715019@kahu.cs.auckland.ac.nz>, Peter Gutmann writes:
>"Enzo Michelangeli" <em@who.net> writes:
>
>>Apart from standards issues, one thing I'd like to see added to popular S/MIM
>E
>>agents is a mini-CA to issue self-signed certificates. This would allow peopl
>e
>>to use S/MIME as they use PGP (who relies on the WoT anyway?), breaking the
>>dependency from hierarchical CA's. Creating such an agent would be now a viab
>le
>>OpenSource project, without any need for expensive toolkit licenses.
>
>I have an RFC draft for this which I wrote a while back but it was rejected by
>the PKIX WG chair(s) ("I am concerned that we not turn PKIX into PGP with ASN.
>1
>syntax"), and I haven't had the motivation to publish it as an independent
>draft - would anyone even notice?.
Purely procedurally, if you tried to get it published as an RFC it
would probably be bounced by the IESG -- there's a policy against RFCs
that are or appear to be end-runs around a working group. If something
is in a WG's area, it's up to them to publish it.
--Steve Bellovin
