--On Tuesday, September 23, 2014 16:08 -0400 Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:

>> Surely PHB isn't saying that SMTP and the email format docs
>> are incompatible? That would be a nonsensical assertion,
>> since they are separate layers (the one is used to transport
>> the other). Perhaps there are two different email standards
>> that perform the same functions but are incompatible?
>> Perhaps S/MIME and PGP? Or perhaps two different security
>> related email specs?
>
> I meant two secure email standards. Empirically we have two
> right now, S/MIME and PGP.
>
> Since I was talking about security, I thought it was obvious
> from the context.

Nothing about your note made that clear -- it didn't mention security generally and you said "email standards".

Be that as it may, I think you are overlooking a key aspect of the PGP versus S/MIME problem. Suppose we actually did have two sets of email standards, one using SMTP transport with 822-style "field-name: value-string" headers (as we have today) and the other of which used SMTP (to avoid making this completely unrealistic) with ASN.1-like coded X.400-like inner envelope header structure. There would certainly be a reasonable complaint that we had specified two different ways to do the same thing with only subtle differences in capabilities between them.

But it seems to me that S/MIME and PGP represent two fundamentally different trust models. The first is based on a certificate hierarchy model, one that would have very good international scaling properties had we actually figured out how to make a global single-purpose PKI work and be trusted. Worse, absent that type of PKI, it was very hard to think about how to bootstrap the system, at least without pushing decisions about which certification authorities to trust back to end users who had absolutely no basis on which to make those choices.
The second is based on a web of trust arrangement that most of us knew at the time wouldn't scale well internationally nor be usable among parties who didn't have at least a second, or possibly third, "degree" of connection but that was far easier to bootstrap than something that assumed a global PKI.

Now it is certainly possible to imagine a message format that would have more commonalities than we ended up with. We actually had standards-track specifications for such a format, in the form of RFC 1421ff and the earlier RFC1113ff. I think it is reasonable to summarize PEM by saying it went nowhere except that we might have learned a bit from it in building S/MIME and/or OpenPGP.

So, we are now at a point at which neither OpenPGP nor S/MIME has achieved wide adoption and use. We have learned such things we (at least some of us) didn't anticipate. In S/MIME's case, that notably includes issues of trust in CAs and the effectively-dictatorial (or oligarchic) authority of browser vendors to determine CA usability. In OpenPGP's case, we have demonstrated some of the scaling and key management issues that some people anticipated all along.

You seem to believe that more commonality of formats would have left us in better shape today. Because I think the problem is the irreconcilable difference in trust model and relationships, I believe it would have made almost no difference at all (even if it were a good idea). You could be right but, if you want to make that case, please try to do so in a way that the rest of us can understand rather than, e.g., making broad assertions about causes and implications of the IETF's failure to generate a single standard for secure/encrypted email or email more generally.

    john