Re: email standards (was: Re: facilitators at ietf@xxxxxxxx)

On Tuesday, September 23, 2014 16:48:29 John C Klensin wrote:
> --On Tuesday, September 23, 2014 16:08 -0400 Phillip
> Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
> >> Surely PHB isn't saying that SMTP and the email format docs
> >> are incompatible?  That would be a nonsensical assertion,
> >> since they are separate layers (the one is used to transport
> >> the other).  Perhaps there are two different email standards
> >> that perform the same functions but are incompatible?
> >> Perhaps S/MIME and PGP?  Or perhaps two different security
> >> related email specs?
> > 
> > I meant two secure email standards. Empirically we have two
> > right now, S/MIME and PGP.
> > 
> > Since I was talking about security, I thought it was obvious
> > from the context.
> 
> Nothing about your note made that clear -- it didn't mention
> security generally and you said "email standards".  Be that as
> it may, I think you are overlooking a key aspect of the PGP
> versus S/MIME problem.   Suppose we actually did have two sets
> of email standards, one using SMTP transport with 822-style
> "field-name: value-string" headers (as we have today) and other
> other of which used SMTP (to avoid making this completely
> unrealistic) with ASN.1-like coded X.400-like inner envelope
> header structure.  There would certainly be a reasonable
> complaint that we had specified two different ways to do the
> same thing with only subtle differences in capabilities between
> them.
> 
> But it seems to me that S/MIME and PGP represent two
> fundamentally different trust models.  The first is based on a
> certificate hierarchy model, one that would have very good
> international scaling properties had we actually figured out how
> to make a global single-purpose PKI work and be trusted.  Worse,
> absent that type of PKI, it was very hard to think about how to
> bootstrap the system, at least without pushing decisions about
> which certification authorities to trust back to end users who
> had absolutely no basis on which to make those choices.  The
> second is based on a web of trust arrangement that most of us
> knew at the time wouldn't scale well internationally nor be
> usable among parties who didn't have at least a second, or
> possibly third, "degree" of connection but that was far easier
> to bootstrap than something that assumed a global PKI.
> 
> Now it is certainly possible to imagine a message format that
> would have more commonalities than we ended up with.  We
> actually had standards-track specifications for such a format,
> in the form of RFC 1421ff and the earlier RFC1113ff.   I think
> it is reasonable to summarize PEM by saying it went nowhere
> except that we might have learned a bit from it in building
> S/MIME and/or OpenPGP.
> 
> So, we are now at a point at which neither OpenPGP nor S/MIME
> has achieved wide adoption and use.  We have learned such things
> we (at least some of us) didn't anticipate.  In S/MIME's case,
> that notably includes issues of trust in CAs and the
> effectively-dictatorial (or oligarchic) authority of browser
> vendors to determine CA usability.  In OpenPGP's case, we have
> demonstrated some of the scaling and key management issues that
> some people anticipated all along.
> 
> You seem to believe that more commonality of formats would have
> left us in better shape today.  Because I think the problem is
> the irreconcilable difference in trust model and relationships,
> I believe it would have made almost no difference at all (even
> if it were a good idea).  You could be right but, if you want to
> make that case, please try to do so in a way that the rest of us
> can understand rather than, e.g., making broad assertions about
> causes and implications of the IETF's failure to generate a
> single standard for secure/encrypted email or email more
> generally.

+1.

I use both OpenPGP and S/MIME on a regular basis and in no case where I use 
one would the other be suitable primarily because of the differences in trust 
models you describe.  While they both sign/encrypt email their use cases are 
disjoint in my experience.

Scott K