@techreport{crocker-mime-security-00, number = {draft-crocker-mime-security-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-crocker-mime-security/00/}, author = {Dave Crocker}, title = {{Mandatory MIME Security Considered Harmful}}, pagetotal = 0, year = 2002, month = nov, day = 4, abstract = {MIME is the preferred Internet mechanism for labeling and aggregating bulk data objects, such as for email and the web, and it is essential to have useful, MIME-based mechanisms. Indeed, two standards have existed for some years: OpenPGP and S/MIME. A current IESG policy for new application protocols requires that they mandate conforming implementations to support a single security mechanism. For applications using MIME security, this means that the specification is required to choose between S/MIME and OpenPGP. Although well-intentioned, the policy is at least useless and at worst counter-productive. This note discusses the problem and suggests returning to the previously acceptable policy that better reflects the lack of market resolve for MIME security.}, }