North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
> L. Sassaman: Saturday, July 01, 2000 2:59 PM > On Sat, 1 Jul 2000, Roeland M.J. Meyer wrote: > > > I am talking about PEM formatted keys and certs (*.pem files), as > > formatted by OpenSSL. I don't recogise your definition of the > > acronym. > > PEM (RFC 1421-1424, I believe) was a *really sucky* attempt > at a secure > email standard. It was based on X.509, and did things like not allow Ah yes, now I remember. I agree with your value-judgement. > > Me may have a case of operator over-loading here. I'm also sorry > > that you feel that this has become a flame-war. Maybe it is good > > that we terminate it. > > Well, a PEM vs. PGP debate might have interested me in 1992, > but it's over > with. PGP won, by the consensus of the users. Even in 1992, I wouldn't have been interested in that debate. PEM obviously doesn't fit the requirements. > Likewise, I suspect S/MIME will fail, due to lack of usage. > S/MIME might > be supported by every email client out there (though I do hear that > compatability is nearly impossible between vendors), but if > people don't > use it, then it is just code bloat and should be excised. The thing is that folks ARE using it. Just, not in public. > But this is a topic that people will get very religious > about, and won't > result in any constructive outcome... so I am content to stop > ranting now > and let natural selection take its course. That may or may not be true. Letting things sink to common terms, we have been discussing S/MIME vs PGP, via PKI debate. What sort of PKI would be most useful for NANOG participants? My contention is for OpenSSL style CA that issues certs usable for both S/MIME and SSL. In addition, I have a project that would let SSH use *.pem files from OpenSSL, issued by OpenCA. What we would have then is a single Key/Cert that would work with SSH, S/MIME, and SSL. I can't see a way to get PGP to cover the same ground.