pem-dev

Re: Re[2]: Is PGP really more widespread than PEM?

1994-12-14 17:56:00
I will plead guilty to having stated that I find the X.400 market to
be growing robustly in a linear pattern, but also note that the
Internet EMail market is growing exponentially.  I generally leave it
to my audience to decide what this might mean.

If someone has better data, please present it so I can stand
corrected, and so my audience will not draw erroneous conclusions.
Does anyone have a good estimate for when X.400 will overtake and
dominate the Internet?  For when X.435 will overtake and dominate the
EDI VAN services?  For when ISO/ITU-T OSI will overtake and dominate
the Internet?

If not, then I fail to understand this rather nasty personal attack
and the many assumptions about me, my business, and my clients, that
has been broadcast to a rather large public mailing list.

I can only assume that the attacker is having some kind of difficulty
accepting the realities of life as it is unfolding.  It makes me stop
to ask why someone I do not even know feels so strongly that I must be
at the root of his own specific problems.  I suppose that someone in
his organization must have taken note of my public observations and
has asked for confirmation or refutation.  More likely, I expect that
he is caught on a major stress point in the mesh of conflicting forces
that are stressing our Internet Industry, over which I have no control
or influence, but which cause him to lash out at some visible target.

I can appreciate this, as I recently went through a very difficult and
financially disastrous 2 year period of resolving the fact that I had
spent approximately 8 years of my life pushing hard on the OSI/X.400
front, only to find that my clients no longer believed in ISO/ITU-T
style OSI or X.400 and that my consulting practice was spiraling into
the dumper.  Lucky for me, I am past the point of recovery.

My public comments about discovering that the Internet acts as Occam's
Razor by inhibiting deployment of complexity over the core of the
Internet are slowly becoming understood.  BTW, I am not alone in this
observation, or in my sense of its relevance and importance.  The
success of Internet Protocols is not assured by their creation in the
sanctity of IETF working groups.  Success in the Internet requires a
certain element of simplicity in the core, with required complexity
held to the edges.

Many protocols have been proposed and their deployment attempted, only
to fail in the end of the horns of core complexity.  The Internet is
not owned by anyone in particular, so there is simply not enough
authority available to impose complexity onto the Internet core.
Internet technology has to be capable of deploying itself in the hands
of a multitude of unorganized users/customers, or it will not deploy.
(PEM included).

This is the essence of TCP (edge) and IP (core); of SMTP (core) and
RFC822/MIME/etc (edge).  Actually, RFC822/MIME are now being absorbed
into the core, so that the edge is moving to where programs put
objects into MIME and take objects out of MIME, while MIME acts like a
teflon coated mole running through our very hazardous gateway infested
EMail tunnels.  This is just a recasting of the old "End-to-End"
theology of the Internet.  End-to-end-ness has long been understood to
be sacred in the Internet, and that is why PEM and PGP are structured
the way they are, to be end-to-end.

Now, with the prospect of both PEM and PGP possibly finding that they
can actually co-exist and both use the same MIME enveloping scheme,
the choice between them comes down to choosing your preferred form of
key certification infrastructure.  Actually, I recall hearing
somewhere that it might be possible for both PEM and PGP to use each
other's keys.  (I heard this 3rd hand which by definition makes it a
rumor!)

Anyway, I now find it amazing to see this PEM-DEV argument, and see
myself quoted in such strange ways, just as it looks like things are
about to sort themselves out in such a way that the open market will
be free to make its own decision.

As I see it, the choice is between two concepts of infrastructure, one
central and authoritative as desired by governments, and the other
open and based on mutual life experiences to build trust.  This
argument has been raging inside PEM circles for a very long time,
certainly long before I stopped following the PEM discussion several
years ago when the PEM decisions were taken to sidestep MIME.  That
was when I decided for myself that PEM was headed for irrelevance.

So, to my mind, the market reactions to PEM and PGP are just people
voting with their wallets for their Preferred Key Infrastructure.  
I suspect, but have not analyzed it, that PEM offers the greater
complexity in the core of its encryption scheme, which might explain
why PGP gives off the appearance of greater acceptance in Internet
circles.  BTW, I have no idea how many of anything has been deployed
by anyone here, including the number of MAC 7.5 systems distributed or
installed;-); or the number of PEM/PGP licenses and programs installed
or in use.  This is not what I find interesting.

What interests me is whether or not the market is open and whether or
not the core technology is simple enough.  Complexity at the edges is OK.

I am sorry if my little essay offends anyone here, but you all should
not awaken me like this when I am not following your discussion...

Hava Merry Merry and a Great New Year!...\Stef


From Peter William's message Wed, 14 Dec 1994 10:28:29 -0800:
}
}Derek:
}
}   >From: Derek Atkins <warlord(_at_)mit(_dot_)edu>
}   >Subject: Re: Re[2]: Is PGP really more widespread than PEM?
}   >Date: Tue, 13 Dec 1994 21:12:24 EST
}
}   >>  I agree with John.  Is there anyone from Viacrypt on the list who is 
}   >>  willing to share the number of commercial PGP licenses ?  Is it 
}   >>  anywhere near the number of Apple System 7.5 users ?
}   >
}   >No offense, Steve, but these blanket comparisons are completely
}   >bogus.  You can't compare the number of owners of a product to the
}   >number of people who use a specific feature of that product!
}
}Einar Stefferud makes a good living out of doing just this, as do a number
}of other IETF gurus!  Management gurus have done it for years, also.
}
}Pass to the last para, if you wish to avoid soap:-
}
}---------
}
}Take one of his recent public pronouncements and catch-phrases designed to ensnare
}the undecided in the messaging arena:-
}
}"X.400 is growing linearly, whereas the Internet is growing exponentially" ...
}  (pause...)
}
}See similar guruland myths about simplicity of design, and complexity
}of X.435 responsibility protocol, for example...
}
}Is he comparing like with like? 
}
}Or is it a blanket nonsense or otherwise semantic rubbish? like
}"low-fat butter" feeding on a fad, and hype?
}
}Is he referring to a feature of X.400 - its suitability for mission
}critical open messaging in both inter and intra business use, versus
}the owners of the Internet (the users!) who have large number of
}(contradictory) goals probably undefinable but large and expanding
}exponentially!?
}
}Who knows? It's Guru and sales-person talk. However many susceptible
}people are being taken in by this reasoning tack. They are denied
}real choice, thereby.
}
}But he gets away with it, and IMHO uses such ambiguity to mislead a
}large number of people down a path which suits his beliefs, and
}presumably his own business goals.
}
}However, good luck to him, and his emulators and partners, and his
}satisfied users. Bogus statements passively or actively rubbishing the
}competition often aid sales in a commodity market offering only of a
}single level of service.  How else can one differentiate oneself from n
}other identical products or services!?. Especially if there is little
}added-value to be offered otherwise.
}
}Back to PEM and PGP -  and (more importantly) standards processes for
}this market area which is well-expected to explode into a several
}billion dollar p.a. industry:-
}
}
}---------
}
}
}The whole point of my big picture argument is that PEM should not fall
}into this Guru trap. Gurus are happy to scamper around the edges of a
}market and obtain personal profits of 100-200K. Large company corporate
}investors are not! Let PEM differentiate itself by its quality, and its
}commitment to an infrastructure goal which enables realization of the
}market. Let the market offer multiple qualities and modalities of
}service in security and models.  It's clear that's what the users of the
}world (not just in the US) really want, as Ted states.
