[29660] in North American Network Operators' Group

RE: PEM(?)

daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Sat Jul 1 20:59:11 2000

Reply-To: <rmeyer@mhsc.com>
From: "Roeland M.J. Meyer" <rmeyer@mhsc.com>
To: "'L. Sassaman'" <rabbi@quickie.net>
Cc: "'Michael Helm'" <helm@fionn.es.net>, <nanog@merit.edu>,
	<pgp-keyserver-folk@flame.org>
Date: Sat, 1 Jul 2000 17:58:10 -0700
Message-ID: <000801bfe3c0$98065100$eaaf6cc7@PEREGRIN>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <Pine.LNX.4.21.QNWS_2.0007011524470.16611-100000@thetis.deor.org>
Errors-To: owner-nanog-outgoing@merit.edu


> L. Sassaman: Saturday, July 01, 2000 3:28 PM

> On Sat, 1 Jul 2000, Roeland M.J. Meyer wrote:
>
> > The thing is that folks ARE using it. Just, not in public.
>
> Well, that's understandable. If I were an S/MIME user, I wouldn't
> want the public to know!
>
> ;)

I understand the ;) but my point was that much S/MIME traffic
goes over intra-nets and VPNs, with maybe a short hop over the
Internet.

> > That may or may not be true. Letting things sink to common terms,
> > we have been discussing S/MIME vs PGP, via PKI debate. What sort
> > of PKI would be most useful for NANOG participants? My contention
> > is for OpenSSL style CA that issues certs usable for both S/MIME
> > and SSL. In addition, I have a project that would let SSH use
> > *.pem files from OpenSSL, issued by OpenCA. What we would have
> > then is a single Key/Cert that would work with SSH, S/MIME, and
> > SSL. I can't see a way to get PGP to cover the same ground.
>
> PGP works with newer versions of SSH. I see no need for S/MIME to
> exist. And I don't see SSL incompatibility as a barrier to using
> PGP with email.

How about viewing web-based mail and list archives? The S/MIME
cert is also a client-side cert and can be used in lieu of
user/passwd.

> (For the record, there is an Internet draft on using PGP with TLS,
> and Apache can easily be modified to use PGP keys... the problem is
> browser support, and not a limitation in PGP.)

If the browsers do not support it then it is a PGP problem
because the users cannot use it. Where can I get the links to the
Apache/PGP effort? I don't find them at apache.org. Also, what is
the W3C position?


