Hi, Amanda.
Hi, folks.
Gad. Talk about a topic guaranteed to bring me out from my
cubbyhole. And I don't get to disagree with Amanda all that often.
At 10:03 AM 1/12/95, Amanda Walker wrote:
(1) The IETF has no enforcement power. If you violate an Internet standard,
In reality, almost no standards body has meaningful enforcement
power. There are a few exceptions, but not worth going into. Just take a
look at various examples of failures by the "official" standards bodies.
So, I'd claim this is a non-issue.
(2) Internet standards efforts are descriptive, not prescriptive. Rather
Ultimately, standards are specs. Ultimately, that's what we
produce. You are quite correct about a feature that makes the IETF
approach rather distinctive and have a better-than-average success rate,
but ultimately, our product is a document, just like all the other guys.
(3) There is no formal voting or representation process, in part to encourage
the emphasis of implementation over politics.
Ultimately, it all boils down to having a method for decision
making and tie-breaking.
It's true that we don't have registered, nose-counting voting. It
turns out that the line-work of ISO and CCITT are done by relatively small
groups that are mostly run by discussion consensus. Honest.
They can and do have voting as a final resort and they can and do
have very formal stuff up the approval chain, but these are tactical
distinctions -- critical though they may be -- rather than fundamental
characteristics that qualify a standards process, I believe.
(4) In theory, working code takes precedence over theoretical concerns.
In practise, group consensus takes precendence over both code and
theory. That's true for us and all the other guys. Among the 3 issues,
the ability of a group to balance things will, of course, have a big effect
on productivity and success. That true for us and all the other guys...
There is a reason that SMTP & MIME succeeded on the Internet and X.400 did
not, even though X.400 is in many respects technically superior. But X.400
implementations generally lag at least 4 years behind approval of the
standards. If that's what we want to emulate, we should just use it. The
latest revs of X.400 and X.500 are quite technically impressive and complete.
This is, of course, a black hole, more likely to derail everything,
but I won't let that stop me from commenting: I'd say that your assessment
might be credible if X.400 and Mime had hit the streets at the same time.
Given that X.400 had a 10 year head start, and had no competition, I'd
guess other factors might be responsible, such as X.400's complexity and
the poor specification continuity (protection of the installed base) from
the 84 to 88 to 92 specifications, for example.
Just to give some perspective, I used to be an X.400 proponent, because in
Me too. From the start. Operative term is "used to be" of course...
Bottom line: The IETF is a standards body. The pem-dev working group is a
standards group working on messaging authentication & privacy (and maybe
one or two other security issues.)
d/
--------------------
Dave Crocker
Brandenburg Consulting +1 408 246 8253
675 Spruce Dr. fax: +1 408 249 6205
Sunnyvale, CA 94086
dcrocker(_at_)mordor(_dot_)stanford(_dot_)edu