ned(_dot_)freed(_at_)mrochek(_dot_)com
Russ Housely
Maybe the working group needs to be chartered in phases. The first
phase might be figuring out which proposal has clear and strong
momentum. I have no idea what the milestones would be for such a
thing. I'm just brainstorming.
This is a better suggestion than doing a requirements cycle which is what is
usually suggested.
Russ, there are times when the "divide and conquer" approach
will work. I do not believe this is one of them. We either
come up with a complete proposal, including fairly detailed
deployment guidelines, or we're not going to get anywhere.
For whatever reason the IETF has gotten into the business of
specifying technologies rather than complete services. This
works for some things, but "once we spec it someone else will
figure out how to use it" just isn't sufficient here.
I believe that the problem with S/MIME implementations is due to the way it
was presented as a technology rather than as system. The work on the actual
crypto technology is pretty well trod at this stage. Four independent groups
have taken that path and the results are pretty much identical give or take
some syntax variations.
I think that what people need to decide is whether they want to write the
spec in IETF process or if all they actually want is the IETF imprimataur
that says they have done the process when in fact the process was avoided.