Return-Path: gnu
Received: from localhost by toad.com id AA19341; Fri, 26 Feb 93 03:26:02 PST
Message-Id: <9302261126.AA19341@toad.com>
To: pem-dev@tis.com, gnu
Subject: Naming problem as a symptom
Date: Fri, 26 Feb 93 03:25:59 -0800
From: gnu

Half of why PGP is now up and running all over the world, while PEM is still stumbling out of the starting gate, is that PGP completely eliminates two bottlenecks built into the PEM design:

* you can't pick your own name
* you have to register with an authority

I tried to use PEM, but TIS would not give me the name I requested (O=gnu@cygnus.com).

PEM's model is that somehow the naming conventions that everyone is already using (user@do.main) are ridiculous or inappropriate -- so let's invent a new kind of naming (DNs), and then introduce translations between them at every user. (E.g. I send mail to cerf@vint.net, it gets translated locally to c=xxx,o=yyy,foo=bar, then the key for that c=xxx,o=yyy,foo=bar is looked up locally, then the message is encrypted and sent. Why that first translation?)

My model is that Internet domain email works *JUST FINE* for me, while every piece of mail I receive via an X.nnn gateway is full of screwiness. (E.g. MCI Mail from Esther Dyson now contains a 140-character return address.)

I want a direct mapping between ordinary email names and names in PEM certificates. Someone suggested C=US,O=gnu@cygnus.com. But cygnus.com is valid in any country. I could move to Australia and keep gnu@cygnus.com. It's not tied to geography.

The Domain Name System is up and running worldwide. Let's use it. Of course, there is no problem with duplicate assignments, since there is already a multi-level registration of domain names and user names. Happily *that* system doesn't care what name you register -- it only rejects names if they are already in use.
The main objection raised to this sort of easy and obvious name is, "When the X.500 revolution comes, your name will be lined up against the wall and shot". I'm perfectly willing to take that chance, given my own personal estimate of the usefulness of X.400 and X.500.

Let me guess -- about twenty influential people on this list are unwilling for me to *have* that choice.

And that's why PGP is winning, and will continue to win, though it is inferior technically. Because it doesn't impose arbitrary and inappropriate models on its users: it just encrypts, decrypts, hashes, certifies, looks up keys, and does key maintenance. Funny, that. It might even end up integrated into MIME before PEM does.

	John Gilmore
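Editor's added illustration of the "direct mapping" the message asks for. This is not code from the message, from PEM or from PGP: it parses X.500-style DN strings of the kind quoted above ("C=US,O=gnu@cygnus.com", "c=xxx,o=yyy,foo=bar"), maps an ordinary user@do.main address to a DN whose only attribute is that address (and back), refuses a DN that carries extra attributes the address itself does not (the C=US case), and models the "reject only if already taken" registration the message attributes to the DNS. The choice of the O attribute to hold the address, the backslash escaping rules, the registry and the key identifiers are all assumptions made for the example.

```python
# Added illustration, not part of the original message and not PEM's or PGP's
# code.  Assumptions: the mail address lives in the O attribute (as in the
# message's own "O=gnu@cygnus.com"), a backslash escapes ',' and '\' inside a
# value, and NameRegistry stands in for the multi-level DNS/user registration.

from __future__ import annotations

MAIL_ATTRIBUTE = "O"   # assumption: which attribute type carries the address


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split "t1=v1,t2=v2" into (TYPE, value) pairs.

    Attribute types are case-insensitive and are upper-cased.  A backslash
    escapes the next character, so "O=Cygnus\\, Inc" keeps its comma.
    """
    rdns: list[str] = []
    buf: list[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped char: keep it verbatim
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                        # unescaped comma ends the RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))

    pairs: list[tuple[str, str]] = []
    for rdn in rdns:
        typ, sep, val = rdn.partition("=")
        if not sep or not typ.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((typ.strip().upper(), val.strip()))
    return pairs


def format_dn(pairs: list[tuple[str, str]]) -> str:
    """Inverse of parse_dn: re-escape backslashes and commas in values."""
    def escape(v: str) -> str:
        return v.replace("\\", "\\\\").replace(",", "\\,")
    return ",".join(f"{t.upper()}={escape(v)}" for t, v in pairs)


def normalize_address(addr: str) -> str:
    """Canonical user@do.main: the domain is a DNS name, hence case-
    insensitive; the local part is left as the domain's owner assigned it."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or "." not in domain.strip("."):
        raise ValueError(f"not an Internet mail address: {addr!r}")
    return f"{local}@{domain.lower()}"


def email_to_dn(addr: str) -> str:
    """gnu@cygnus.com -> O=gnu@cygnus.com.  Deliberately no C= attribute:
    the address is already globally unique and says nothing about geography."""
    return format_dn([(MAIL_ATTRIBUTE, normalize_address(addr))])


def dn_to_email(dn: str) -> str:
    """Accept only a DN that is nothing but the address.  Any extra attribute
    (C=US, a locality, ...) is state the address does not carry and could
    silently diverge from it, so such a DN is refused rather than guessed at."""
    pairs = parse_dn(dn)
    if len(pairs) != 1 or pairs[0][0] != MAIL_ATTRIBUTE:
        raise ValueError(f"{dn!r} is not a pure mail-address DN")
    return normalize_address(pairs[0][1])


class NameRegistry:
    """Toy stand-in for the registration the DNS hierarchy already performs:
    any name is accepted unless it is already in use."""

    def __init__(self) -> None:
        self._keys: dict[str, str] = {}

    def register(self, addr: str, key_id: str) -> bool:
        addr = normalize_address(addr)
        if addr in self._keys:
            return False                     # the only reason for refusal
        self._keys[addr] = key_id
        return True

    def lookup(self, name: str) -> str | None:
        """Look a key up by address or by its pure mail-address DN."""
        addr = dn_to_email(name) if "=" in name else normalize_address(name)
        return self._keys.get(addr)


if __name__ == "__main__":
    print(parse_dn("c=xxx,o=yyy,foo=bar"))
    print(email_to_dn("gnu@cygnus.com"))
    reg = NameRegistry()                     # key ids below are constructed
    print(reg.register("gnu@cygnus.com", "key-1"), reg.register("gnu@Cygnus.COM", "key-2"))
    print(reg.lookup("O=gnu@CYGNUS.COM"))
    try:
        dn_to_email("C=US,O=gnu@cygnus.com")
    except ValueError as err:
        print("refused:", err)
```

Running it prints the parsed three-attribute DN, "O=gnu@cygnus.com", True then False for the two registrations (same address, different domain case), "key-1" for the DN lookup, and the refusal of the C=US form. The refusal is the practical edge of the argument: once a certificate name contains data the mail address does not, the two can disagree, and nothing in the address tells you which one to believe.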