L. Sassaman: Saturday, July 01, 2000 2:59 PM
On Sat, 1 Jul 2000, Roeland M.J. Meyer wrote:
I am talking about PEM formatted keys and certs (*.pem files), as formatted by OpenSSL. I don't recogise your definition of the acronym.
PEM (RFC 1421-1424, I believe) was a *really sucky* attempt at a secure email standard. It was based on X.509, and did things like not allow
Ah yes, now I remember. I agree with your value-judgement.
Me may have a case of operator over-loading here. I'm also sorry that you feel that this has become a flame-war. Maybe it is good that we terminate it.
Well, a PEM vs. PGP debate might have interested me in 1992, but it's over with. PGP won, by the consensus of the users.
Likewise, I suspect S/MIME will fail, due to lack of usage. S/MIME might be supported by every email client out there (though I do hear
Even in 1992, I wouldn't have been interested in that debate. PEM obviously doesn't fit the requirements. that
compatability is nearly impossible between vendors), but if people don't use it, then it is just code bloat and should be excised.
The thing is that folks ARE using it. Just, not in public.
But this is a topic that people will get very religious about, and won't result in any constructive outcome... so I am content to stop ranting now and let natural selection take its course.
That may or may not be true. Letting things sink to common terms, we have been discussing S/MIME vs PGP, via PKI debate. What sort of PKI would be most useful for NANOG participants? My contention is for OpenSSL style CA that issues certs usable for both S/MIME and SSL. In addition, I have a project that would let SSH use *.pem files from OpenSSL, issued by OpenCA. What we would have then is a single Key/Cert that would work with SSH, S/MIME, and SSL. I can't see a way to get PGP to cover the same ground.