Peter,
At 1:15 PM -0700 4/28/96, Peter Williams wrote:
Peter may intend to point the finger elsewhere but his text seems to be
pointing
the finger at the security director who is the wrong person to accuse
entirely.
Phil, Ive never met, nor even exchange any mail with, the IETF
security director. Your interpretation is wrong. Given my
His confusion was and is understandable. I, too, could not figure
out what the heck you were referring to, in terms of people or actions. I
still can't.
The text pined for the IETF security
groups which Steve Crocker led. It lamented the way IETF during
This is the sort of statement that engenders the confusion. While
I happen to believe that the problem had very, very little to do with Steve
(and I wouldn't let a little thing like blood get in the way of claiming
otherwise if I believed it) there was precious little security-related
progress in the IETF during those early years of the modern IETF. You
might long for whatever warm feelings you experienced within the security
working groups of that time, but they achieved very little.
the years which followed tried to be an (international)
standards deciding place, rather than a cooperative place
for advancing our Internet technology.
The technology-not-standards years preceded the modern IETF. It
has been an international standards body for at least 6 years. What can,
and often does, distinguish it is its ability to pay far more attention to
technical quality than seems to be typical for a standards body. What at
times hurts it the most, now, is failing to keep that focus on a core
technical vision, instead trying to hybridize an effort to pacify too wide
a range of views. Such diffusion doesn't happen always, today, any more
than successes happened 100% of the time back in the good ol' days, as
evidenced by the security track record, then...
There seemed to be a commercial elite, who decided. And the rest
followed. This is not the IETF I used to know and
No idea where you got this view of current IETF security work from
but it mostly doesn't match my own. Instead of being cryptic, it would
help if you simple offered some details. All these veiled references to
commercial interests and dominance of crass consultants is confusing. If a
problem needs fixing it needs to be detailed.
security. There is continual anti-RSADSI ranting,
as a scapegoat solution; however, there is much more too
it in my opinion. It involves the failure of DCE as a
platform, Kerberos V5, and other interests. The underlying
frustration surfaces periodicaly, as anti-ASN.1 statements,
also!
Criticisms of RSA have something to do with the failure of DCE?
Wow. Interesting correlations you draw.
As for ASN.1, please note that the Other Crocker published a rather
pointed criticism of it about a year ago, citing ambiguity of
interpretation and difficulty of debugging when it is used. What about the
possibility that criticisms of ASN.1 aren't political but are, in fact,
just criticisms of ASN.1?
AS far as I can tell, few people have anything positive
to say about the IETF process when applied to snmp v2 security
I haven't been anywhere close to this debacle or its details, but
everything I'm hearing says this has more to do with personalities than
process.
(fraticide), PEM/MOSS (creation of S/MIME & IMC), IPSec (S/WAN
And this, of course, is what prompts my note. I was succeeding at
ignoring your strange, previous note, but when you pull the Internet Mail
Consortium in, I'm obligated to respond. If you will read the texts
concerning IMC <http://www.imc.org> you will note that it will at no time,
in any way, compete with or pre-empt IETF processes. It will at all times
and in every way work to complement those processes. IMC was created in
response to a perceived need for trade association representation of an
emerging industry, namely Internet mail. Nothing. Repeat. Nothing, in
its creation was in any shape form or fashion related to problems with the
IETF. Quite the opposite. We've tried to construct the IMC in a fashion
that echoes the IETF style, to the extent that that is possible for a trade
association. But please note that I said style, not function.
is lots of it to be done. I dont mind where it occurs
so long as the aim is to get the technical job done
cooperatively with minimal religion.
amen!
d/
--------------------
Dave Crocker +1 408 246 8253
Brandenburg Consulting fax: +1 408 249 6205
675 Spruce Dr.
dcrocker(_at_)brandenburg(_dot_)com
Sunnyvale CA 94086 USA http://www.brandenburg.com
Internet Mail Consortium http://www.imc.org,
info(_at_)imc(_dot_)org