Peter may intend to point the finger elsewhere but his text seems to be
pointing the finger at the security director who is the wrong person to
accuse entirely.
Phil, I've never met, nor even exchanged any mail with, the IETF
security director. Your interpretation is wrong. Given my
Steve Crocker reference (a former director), I can see why one might
construe your opinion, however.
The text pined for the IETF security
groups which Steve Crocker led. It lamented the way IETF during
the years which followed tried to be an (international)
standards deciding place, rather than a cooperative place
for advancing our Internet technology.
There seemed to be a commercial elite, who decided. And the rest
followed. This is not the IETF I used to know and
respected. I don't believe that Jeff Schiller is responsible
for this; he is just the director during whose tenure
the security IETF as a whole went through a dark age such that
most of the real security workers went elsewhere for cooperative
multi-vendor forums.
As Alan Schiffman said once, IETF has been feeling unloved of late.
I suggest we have to make it a more harmonious place
once again. As Mark Handley once said, IETF
just doesn't know how to handle the vested interests in
security. There is continual anti-RSADSI ranting,
as a scapegoat solution; however, there is much more to
it in my opinion. It involves the failure of DCE as a
platform, Kerberos V5, and other interests. The underlying
frustration surfaces periodically, as anti-ASN.1 statements,
also!
As far as I can tell, few people have anything positive
to say about the IETF process when applied to SNMP v2 security
(fratricide), PEM/MOSS (creation of S/MIME & IMC), IPSec (S/WAN
initiative required, commercial war over SKIP), PGP/MIME (fractioned
opinion, and paralysis), PKIX (fractioned into SPKI, outgrown
by SET), etc.
That security things are now about to go massively
live as a first generation solution, however, in some of these areas,
is however a tribute to the _underlying_ success of IETF. But, boy is
it painful.
The next round of security stds work is due, and there
is lots of it to be done. I don't mind where it occurs
so long as the aim is to get the technical job done
cooperatively with minimal religion.