Re: [No subject]

["Yee, Peter" <yee@spyrus.com>]

>>    Earlier, I mentioned that two and a half protocols survived the 
>> day. The remaining one is MSP. It's actually not a bad protocol. It 
>> has two features that none of the others have: the ability to label 
>> classified messages, and a cryptographically strong signed receipt.
>> Both of these functions are highly important for government users. It 
>> looks like government suppliers are going to go ahead and implement
>> it, and the government is going to use it.

>Although these benefits are present in the current MSP, I
>don't see anything inherent in MSP that makes it necessarily superior in these 
>areas.  If you were doing normal MIME-type receipts (whatever that means, since
>I think there are three different drafts under way currently), and you simply 
>added the ability to cryptographically sign a timestamp in the "proper" MIME 
>receipt type, then MSP would lose this advantage.

FIF.  I guess this could be said about any of the protocols.  With enough 
changes they all have the same feature set. :-)  MSP just has it now and it 
works.

>I think labeling could potentially be done by follow-on
>versions of other packages as well, since I think we all agree that generic 
>labeling which can be used both for standard gov't-style classification levels 
>and compartments, as well as for business-style sensitivity labeling.  In fact,
>I'd almost be inclined to say that it would likely be as easy (or easier) to 
>create a new general-purpose labeling system for use with any of the 
>competitors than it would be to modify MSP to support business-style labels in 
>addition to the gov't-style labels I'm sure it has today (maybe it already has 
>labels, but I don't think that this is that tough of a problem to solve in any 
>event).

Well, read MSP first before assuming.  And of course, see above comment.

                                                                -Peter