I think in the area of S/MIME-MOSS, SSL-IPSec the IETF learned something about itself. Those senior IETF who engineered (and continue to engineer) such animosity in the IETF processes, particularly in the MIME area - mainly for their own consultancy or demagogic benefits - have perhaps shown us where IETF itself needs amending.
Peter may intend to point the finger elsewhere but his text seems to be pointing the finger at the security director who is the wrong person to accuse entirely. I know that the security area director has been very positive to _any_ security proposals from _any_ source, provided they actually deliver security and are not proprietorial. Don't forget that he is the person who is responsible for the MIT PGP distribution site and was also active in the development of PKCS #7, insisting that it be possible to generate messages in a single pass. In addition, before suggesting that he was acting against S/MIME consider that the Chairman of RSA is the Deputy Director of MIT LCS and that they are on good terms.
There was early resistance to SSL for good reason. At the only presentation where SSL was described before it was released in the browser both myself and Alan Schiffman broke the protocol before Marc had sat down. Despite this I was not consulted about possible fixes or any of my other concerns. While such a development process is understandable in a new company that then had less than a hundred people working for it, it is not an IETF process. Until a year ago when Taher, Jeff and co joined, Netscape had no security expertise to offer and were not willing to share their ideas anyway. I still believe SSL to be a deeply flawed approach to the security of HTTP. It does not provide the functionality required to interoperate with caches and support workflow. It is however a credible solution to the problem of securing the Web (i.e. HTTP + other URI protocols).
There is a problem with certain areas of the IETF which have failed to realise the change in the nature of the Internet. Whereas five years ago the critical issue was still interoperability even if the other side was broken, today there are resources available and much of the Internet architecture, and if Microsoft releases Windows 96 with an SMTP system that does not pander to broken sendmail configurations much of the world will have to fix itself :-)
Phill