Darryl L. Rowe wrote:
I _did_ say: "...for review, ... modify, ... resubmit and so on
a couple (times)."
That's _not_ a "rubber stamp."
The danger is that even though it is reviewed, PGP Inc can attempt to
keep changes to a minimum. As editor (or, employing the editor), PGP
Inc are effectively in the driving seat.
Whether you believe that PGP Inc would do such a thing or not, I doubt
if you would disagree that there is a clear conflict in interest in PGP
Inc writing the draft around PGP Inc product. The same conflict of
interest exists around RSADSI, for example.
One way to counterbalance that conflict is to write the draft in public
(the Lutz method). Another way is to not put so much of the
responsibility into PGP Inc's hands (which may not be practical if they
are the only ones prepared to pay the editor's salary).
Whatever your politics, it can't be fun being editor in that position.
No one is getting _anywhere_ with this more-or-less "off topic"
issue .... maybe this should be a _moderated_ list, eh?
This might not be a good idea. It would kill it stone dead.
Think of it this way. With the absence of a draft to discuss, and a
moderated list being kept "on topic" we could also save on uneccessary
words such as "Open."
... Even a "rubber-stamped" PGP standard and CMR would
be preferable to _anything_ involving RSA IMO....
Options have been on my mind lately. More than anything else, sparked
by the 2.6 versus 5.x issue.
There are more options than you mention above:
1. The null case:
* the pgp2.x de facto standard remains in place
for 4 million users. (PGP Inc advertise this
user base as their starting market.)
* pgp5.x makes inroads into corporate America.
and competes with S/MIME.
* S/MIME remains in place as a de facto standard
for large company mailers. I don't know how
effective this is, whilst it is widespread in
browsers (I gather) I have never heard of anyone
using it.
This is the do nothing case, which is synonymous with the WG folding
without a result.
2. 5.x becomes the IETF standard. This is the "rubber-stamp." In this
case, the 2.6 de facto standard will be around for a lot longer, due to
the barriers. Hence, 4. below.
3. A compatible 2.6 / 5.x method arises, so all product can handle all
comms. This would migrate people over to the new methods more quickly,
perhaps within 2 years.
4. Two separate standards opposed around some axis of commercial/noncom
or US/International. The difficulties we have experienced in this group
are concentrated in the US/commercial area, so having a separate
standard for one segment might work. (I am beginning to wonder myself
whether this is inevitable, due to the slow upgrade represented by the
pure 5.x line, as proposed in 2. above.)
5. S/MIME becomes the standard - I can't see this being the case, but
RSADSI could always sweet-talk the IETF. In which case, it might gain
currency in commercial markets, but I suspect pgp2.x will be around for
a long time too.
We should remember that standards might be written by WGs and authorised
by quango-like administrators, but they are accepted by users. The
success of any standard that this WG produces will not be known for many
years, and will be dictated by market reactions to it and other factors.
--
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com