-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In my opinion, cryptography should be seen as an evolutionary
process. Protocols are continuously evaluated for their "fitness" in the
context of current number theory, advances in computers/CPUs, and many
individual/company/implementation specific requirements. It may be
impossible to get the ideal solution, but we optimize to what we consider
vital for survival.
Regarding secure e-mail, PGP and S/MIME have evolved in different
populations; using different measurements to determine fitness. Naturally,
the protocols themselves have mutated, but we also have new species being
introduced (some propriety, some public), as you noted. Today, with
companies trying to market secure e-mail to the masses, the boundaries of
these communities are fuzzy. Simultaneously, individuals in this greater
population have drastically different requirements. Predictably, and
understandably, the general population tries to optimize for "easy",
especially when not familiar with the tradeoffs. The true danger is when
companies, who believe in Creationism, start to optimize for market share
and "easy", since that fulfills their objectives and their target audience's
one and only requirement. I believe this to the motivation for the
ZixIt/Yahoo announcement. I trust Darwinism will take care of the rest...
- --
David Bird
[EMAIL PROTECTED]
PS: I applaud the idea of implementing OpenPGP in OpenSSL!! I agree that
creating a public source C library is critical in promoting compatibility. I
also agree, ultimately, OpenPGP will prevail.
! Date: Wed, 29 Nov 2000 17:17:28 -0800 (PST)
! From: "L. Sassaman" <[EMAIL PROTECTED]>
[snip]
! There have been secure email companies popping up with proprietary key
! formats. (Hushmail and Zixit[2] are the two big ones that I can think of
! immediately). If RFC 2440 functionality were available in a crypto library
! without a restrictive license, perhaps we'd see companies such as those
! adopting OpenPGP as the format of choice. Perhaps we would see OpenPGP
! features shipping with email clients, so that users would not need to rely
! on plugins and wrappers for their email.
[snip]
! Shameless plug: Ben Laurie and I were discussing this exact topic earlier
! this month. I'm going to England next month to sit down and hash out
! exactly what we want to do, but we would like to add OpenPGP features to
! OpenSSL.
[snip]
! [2] -- Sadly, a standard format would only be a small improvement on
! Zixit, which has a system that I would never recommend anyone trust for
! securing anything of importance.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Processed by Mailcrypt 3.5.1, an Emacs/PGP interface
Charset: noconv
iQA/AwUBOir2WYTAuwXcZQtzEQKW8wCeP1L8oc0VuclCbraolH2affD3WrkAnjq2
hXoq9wpbW+Z30+XZ0vYryAhp
=dX/v
-----END PGP SIGNATURE-----
