Re: Evaluation: draft-ietf-impp-im - Common Profile for InstantMessaging (CPIM)

[Harald Tveit Alvestrand <harald@alvestrand.no>]

--On 7. august 2003 00:29 -0400 "Steven M. Bellovin" <smb@research.att.com> 
wrote:

> The problem I have is that draft-ietf-impp-cpim-msgfmt lays out a
> detailed set of requirements and explains how to use MIME.  If S/MIME
> is the right answer, much of the rationale can be omitted, except
> perhaps a short statement that the environmental model is very much
> like the one that email has.  This is the message format RFC; it should
> really point to the authoritative source for the desired encoding and
> encapsulation.  The rationale, if needed at all, should have been in
> draft-ietf-impp-im, which is setting out the framework.
>
> Beyond that, it isn't clear to me that they've said enough about how to
> use CMS and S/MIME.  There are lots of possible options and variations;
> I don't know that all are useful or correct here.  That's where I want
> to defer to Russ.
I'd like -msgfmt- to keep its mouth shut about whether to use S/MIME; it's 
not really its business, since that ties into the whole trust model issue.
As written, it's agnostic between S/MIME and PGP/MIME; it just advises that 
security multiparts be used (which is a good thing for interoperability of 
signed messages; even applications that don't understand the signature 
format can at least extract the cleartext).

It was a bit of a surprise to me that -im and -pres came out so strongly in 
favour of S/MIME; I'll accept the WG's judgment here.

                     Harald