From: "Housley, Russ" <housley@spyrus.com>
Date: Sun, 10 Mar 1996 01:38:06 +0800
To: galvin@eit.com (James M. Galvin)
Subject: Re: [ Death of MOSS? ]
Message-ID: <9601298256.AA825628673@spysouth.spyrus.com>
MIME-Version: 1.0
Content-Type: text/plain




Jim:

>>    And if you look at what I've said previously, it is my firm belief 
>>that if we are to succeed in giving users a truly interoperable secure 
>>email standard, then said standard must be fully and completely 
>>integrated into MIME and do everything it does in the proper MIME way, 
>>as opposed to just being security grafted on.
>
>Allow me to make a contentious statement:
>
>       MOSS is the only secure email protocol integrated with MIME.
>
>You see, integrated to me means that the base is security aware.  MIME is 
>only security aware when the security multiparts are used.  In all other 
>cases, MIME is not security aware.
>
>The use of the application content-type with experimentally defined 
>subtypes gives the appearance of MIME being security aware, but it 
>provides nothing more than a mechanism for carrying a protected object.  
>In addition, the fact that the security service itself must do a callback 
>in order to support recursive services, unlike MOSS which uses the 
>security multiparts framework and thus lets MIME do all the work it was 
>designed to do, further supports my position.

Jim, in what way does the end user distinguish between the MOSS-like 
integration and the S/MIME-and-MSP-like integration?  It seems to me that a 
good user agent implementation provides the same services to the user.

Russ