As one of the designers of MOSS, I read your message with interest. I'm in
general agreement except on two points, neither of which changes your basic
analysis.
At 2:10 PM 4/24/96, Raph Levien wrote:
Jeff Cook wrote:
I don't understand the comment: "MOSS has already done an effective job of
killing itself, sadly." ...Jeff
Simply that few people, if any, believe that MOSS will survive the
coming shakeout in e-mail encryption protocols with any kind of
substantial deployment.
Probably right. Sigh.
The reasons for this are complicated, and I don't claim to fully
understand them myself, but I'll give it a shot.
I think the main problem is that its proponents underestimated the
amount of additional work that is required to make a standard viable.
MOSS has a standard and a barely-usable reference implementation. If it
was alone in the field, then that might have been enough. However, it's
going up against competitors that have much more momentum behind them.
Yup.
PGP, for example, has a usable and highly popular implementation out
there. In addition, it has a usable (though certainly not perfect) key
distribution infrastructure, including both e-mail and Web based
keyservers. Further, it has a standardized (if flawed) cryptographic
checksum of keys, which aids in manual key management.
S/MIME has the backing of many of the large players in both the
encryption and e-mail fields. There are currently five implementations
advanced enough for interoperability testing. There is an emerging
standard for cryptographic hashes of certificates, again facilitating
the manual bootstrapping of trust roots. I haven't been following the
key distribution aspect closely, but there is a Distributed Certificate
System architecture, supported by OpenSoft and probably others.
Even more interesting is that S/MIME was put together after, and in
reaction to, MOSS, thus indicating that the basic scheme of the MOSS design
didn't satisfy the big players.
In a nutshell, MOSS is based on the idea of exploiting MIME pretty
thoroughly instead of just grafting cryptographic services into MIME as a
fresh application. This degree of intimacy and interdependence on MIME
didn't sell well to the commercial players.
This point is more controversial, but I believe that MOSS suffers
from its "algorithm independent" design philosophy. S/MIME and PGP are
both interoperable (i.e. any two implementations are guaranteed to
interoperate), and both recommend the implementation of adequate
symmetric encryption algorithms (PGP goes further and requires it). MOSS
is neither. I believe that algorithm-dependent aspects of any protocol
make a difference in the real world and must be addressed.
I think the first point is actually wrong. A conformant MOSS
implementation should interoperate with others. The specification is in
two parts, one a general framework, and the other a specific set of
algorithm choices. The framework is indeed unspecific, but that was done
to permit other systems to come into existence if desired.
The "sadly" part of my statement reflects the fact that the MOSS spec
itself is very good. However, when taken in broader context, it's just
not fully there, nor do I sense a will on the part of the MOSS designers
to be responsive to user needs and bring it up to the level of a truly
viable contender.
Yes, I think the energy level necessary to compete in this area is no
longer there. Someone suggested to me once that if we had brought out a PC
version instead of just a Unix version, it might have caught on faster. I
thought that was a good point and would be something I would do differently
if I had it do over again.
Steve
--------------------
Steve Crocker Main: +1 703 620 4200
CyberCash, Inc. Desk: +1 703 716 5214
2100 Reston Parkway Fax: +1 703 620 4215
Reston, VA 22091
crocker(_at_)cybercash(_dot_)com