[ih] The Internet Plan; was: Ken Olsen's impact on the Internet
John Linn
john.g.linn at gmail.com
Thu Feb 17 03:30:57 PST 2011
I edited RFC-989 and some successor documents on the PEM side of the
fence, and have no way of
knowing whether/when PEM results might have influenced PGP. Note,
however, that RFC-989 didn't
include PEM's PKI aspect; rather, it emphasized the message processing
layer (e.g., defining the Printable Encoding that was subsequently
adapted as MIME's base64). That layer was intended for
use either with PKI or pairwise symmetric keys, and both types of
implementations were prototyped. I don't believe the certification
infrastructure was documented in RFC form until RFC-1114, in August 1989.
FWIW (perhaps already historic, after < 24 hours), I attempted to post
the following paragraph to the list,
but it seems to have dropped silently, perhaps because of a sender
address mismatch:
"S/MIME succeeded PEM, extending and generalizing the message-level
content protection facilities, but its availability also didn't trigger
deployment of broadly-adopted user certification infrastructure. Absent
such infrastructure, email security suffers from a significant first
phone effect; there's little incentive to begin using it until and
unless your communicating peers do so as well, which isn't likely to
happen unless many members of a community develop interest in parallel.
This hasn't yet taken place at anywhere near a general and pervasive
level, but the reason may have more to do with user demand than with
availability of technology. S/MIME support has been widely available in
email clients for many years, but may also be one of the Internet's
best-deployed examples of latent, unexecuted code."
--jl
On 02/16/2011 12:51 PM, Dave CROCKER wrote:
>
>> This was years before PGP (which of course appeared in part as a
>> counterpoint
>> to PEM, since the top-down authentication model of PEM didn't sit
>> well with
>> everyone).
>
>
> FWIW, I suspect Phil did not know about PEM. A couple of histories
> about PGP don't mention the connection, plus Phil was not in the IETF
> mix:
>
> <http://library.thinkquest.org/27158/concept2_7_2.html>
>
> Note the 1991 date.
>
> RFC 989, defining PEM, is dated 1987. Still the odds are good that
> PEM did not motivate PGP.
>
> d/
More information about the Internet-history
mailing list