"Steven M. Bellovin" <smb@research.att.com> writes:
> In message <87znxljs27.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
> >Yah, but it has never gotten past Proposed to Draft, and I'm unaware
> >of implementations.  At the time it was written, the world was very
> >different, and rolling (mostly) your own security transport was
> >common. Now everyone Just Uses SSL. The question in my mind is, given
> >the utter lack of implementations, do we want something where we've
> >got a whole new protocol with potential holes, or do we Just Use SSL
> >so we can piggy back on its properties?
> >
> >Steve, you're a Security AD. What's your opinion?
> 
> As I said, I have no idea if anyone else has implemented it, modulo the 
> note from Ken Hornstein.
> 
> But don't read too much -- or too little -- into the fact that it's a 
> Proposed Standard.

I'm well aware of that. I'm more interested in the question of whether
or not Yet Another Security Mechanism is a good idea.

Perry