On Tue, Sep 23, 2014 at 4:48 PM, John C Klensin <john-ietf@xxxxxxx> wrote:
>
>
> --On Tuesday, September 23, 2014 16:08 -0400 Phillip
> Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
>
>>> Surely PHB isn't saying that SMTP and the email format docs
>>> are incompatible? That would be a nonsensical assertion,
>>> since they are separate layers (the one is used to transport
>>> the other). Perhaps there are two different email standards
>>> that perform the same functions but are incompatible?
>>> Perhaps S/MIME and PGP? Or perhaps two different security
>>> related email specs?
>>
>> I meant two secure email standards. Empirically we have two
>> right now, S/MIME and PGP.
>>
>> Since I was talking about security, I thought it was obvious
>> from the context.
>
> Nothing about your note made that clear -- it didn't mention
> security generally and you said "email standards". Be that as
> it may, I think you are overlooking a key aspect of the PGP
> versus S/MIME problem. Suppose we actually did have two sets
> of email standards, one using SMTP transport with 822-style
> "field-name: value-string" headers (as we have today) and the
> other of which used SMTP (to avoid making this completely
> unrealistic) with ASN.1-like coded X.400-like inner envelope
> header structure. There would certainly be a reasonable
> complaint that we had specified two different ways to do the
> same thing with only subtle differences in capabilities between
> them.
>
> But it seems to me that S/MIME and PGP represent two
> fundamentally different trust models. The first is based on a
> certificate hierarchy model, one that would have very good
> international scaling properties had we actually figured out how
> to make a global single-purpose PKI work and be trusted. Worse,
> absent that type of PKI, it was very hard to think about how to
> bootstrap the system, at least without pushing decisions about
> which certification authorities to trust back to end users who
> had absolutely no basis on which to make those choices. The
> second is based on a web of trust arrangement that most of us
> knew at the time wouldn't scale well internationally nor be
> usable among parties who didn't have at least a second, or
> possibly third, "degree" of connection but that was far easier
> to bootstrap than something that assumed a global PKI.
>
> Now it is certainly possible to imagine a message format that
> would have more commonalities than we ended up with. We
> actually had standards-track specifications for such a format,
> in the form of RFC 1421ff and the earlier RFC1113ff. I think
> it is reasonable to summarize PEM by saying it went nowhere
> except that we might have learned a bit from it in building
> S/MIME and/or OpenPGP.
>
> So, we are now at a point at which neither OpenPGP nor S/MIME
> has achieved wide adoption and use. We have learned such things
> we (at least some of us) didn't anticipate. In S/MIME's case,
> that notably includes issues of trust in CAs and the
> effectively-dictatorial (or oligarchic) authority of browser
> vendors to determine CA usability. In OpenPGP's case, we have
> demonstrated some of the scaling and key management issues that
> some people anticipated all along.
>
> You seem to believe that more commonality of formats would have
> left us in better shape today. Because I think the problem is
> the irreconcilable difference in trust model and relationships,
> I believe it would have made almost no difference at all (even
> if it were a good idea). You could be right but, if you want to
> make that case, please try to do so in a way that the rest of us
> can understand rather than, e.g., making broad assertions about
> causes and implications of the IETF's failure to generate a
> single standard for secure/encrypted email or email more
> generally.

Well I agree with some of the above but it is a discussion we are
currently having on the endymail list.

My intended point was that if we had had a facilitator then maybe we
could have ended up with rather less unnecessary divergence than we
did and that might have made it easier to resolve the standards war.

Having re-studied this problem in great detail in the past 18 months,
I am certain that S/MIME cannot meet every use case of PGP and
vice-versa. But I am also certain that neither meets more than a
fraction of the real user needs as currently implemented.

http://prismproof.org/