[ppml] mail auth proposals, was Re: the "other"...

> >X.509 implementation required that the POC and ARIN enter into a
> >heavy-weight contractual relationship.  I think the numbers speak for
> >themselves, on the success of that experiment.
> 
> I'm asking about "that experiment" - is that just a turn of a phrase 
> or was something run?

I remember the X.509 experiment. First of all there was a very
convoluted process required to get a certificate (or was that to send
one) which involved some hidden corners of Netscape's browser. But one
of the steps required was to receive an email message, sign it with the
cert and send it back. The process was relatively straightforward if you
used a brainless UNIX email client, but I simple couldn't get it to work
via Lotus Notes which was the company email client at the time. Which
may seem odd because Notes had some nice built-in X.509 message signing
that was used internally wherever managers needed to approve spending
some money. But, this ARIN cert was completely outside of our corporate
world and therefore, not something that Notes would help me with.

Given that PGP is a relatively stand-alone system, it makes it easier to
adapt to the corporate email standard as an add-in.

But I still prefer just plain SSL, i.e. https: POST transactions.

--Michael Dillon