[29656] in North American Network Operators' Group
RE: PEM(?)
daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Sat Jul 1 18:25:59 2000
Reply-To: <rmeyer@mhsc.com>
From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
To: "'L. Sassaman'" <rabbi@quickie.net>
Cc: "'Michael Helm'" <helm@fionn.es.net>, <nanog@merit.edu>,
<pgp-keyserver-folk@flame.org>
Date: Sat, 1 Jul 2000 15:25:00 -0700
Message-ID: <000201bfe3ab$323acb90$eaaf6cc7@PEREGRIN>
In-Reply-To: <Pine.LNX.4.21.QNWS_2.0007011449280.16467-100000@thetis.deor.org>
> L. Sassaman: Saturday, July 01, 2000 2:59 PM
> On Sat, 1 Jul 2000, Roeland M.J. Meyer wrote:
>
> > I am talking about PEM formatted keys and certs (*.pem files), as
> > formatted by OpenSSL. I don't recognise your definition of the
> > acronym.
>
> PEM (RFC 1421-1424, I believe) was a *really sucky* attempt at a secure
> email standard. It was based on X.509, and did things like not allow
Ah yes, now I remember. I agree with your value-judgement.
> > We may have a case of operator over-loading here. I'm also sorry
> > that you feel that this has become a flame-war. Maybe it is good
> > that we terminate it.
>
> Well, a PEM vs. PGP debate might have interested me in 1992, but it's over
> with. PGP won, by the consensus of the users.
Even in 1992, I wouldn't have been interested in that debate. PEM
obviously doesn't fit the requirements.
> Likewise, I suspect S/MIME will fail, due to lack of usage. S/MIME might
> be supported by every email client out there (though I do hear that
> compatibility is nearly impossible between vendors), but if people don't
> use it, then it is just code bloat and should be excised.
The thing is that folks ARE using it. Just, not in public.
> But this is a topic that people will get very religious about, and won't
> result in any constructive outcome... so I am content to stop ranting now
> and let natural selection take its course.
That may or may not be true. Letting things sink to common terms,
we have been discussing S/MIME vs PGP, via PKI debate. What sort
of PKI would be most useful for NANOG participants? My contention
is for an OpenSSL-style CA that issues certs usable for both S/MIME
and SSL. In addition, I have a project that would let SSH use
*.pem files from OpenSSL, issued by OpenCA. What we would have
then is a single Key/Cert that would work with SSH, S/MIME, and
SSL. I can't see a way to get PGP to cover the same ground.