From: Michael Hammer
Sent: Thursday, October 21, 2004 9:30 AM
<...>
Some of us view this as an Open Standard effort rather than an Open
Source project. That is, as long as the standards are open and
unecumbered there may be both Open Source and Proprietary
implementations of them.
That's an excellent point and in keeping with long-standing practice.
An open standard does not even have to originate from a group such as this,
depending on the problem being addressed. One familiar example is Ethernet,
which was originally developed by Xerox and DEC and put into the public
domain. The IEEE then standardized it, with minor changes, as the IEEE802
series of standards. The IETF developed RFC's for encapsulating IP over
Ethernet, and it has become the primary transport mechanism for TCP at the
local network level. The folks at Xerox understood perfectly well that any
IP encumbrance on this technology would likely kill it, so they wisely chose
not to do that.
Developing Ethernet at a time when the primary competitive technology was
Arcnet was a suitable task for a large corporate research organization
cooperating with another large company. There was no widely deployed base
of anything besides RS-232 and Bell 202 modems, so a focused effort by a few
key players who understood the needs of the market very well could come up
with a practical solution. Both understood this was an enabling technology
that had to be an open standard to allow their businesses to grow. They did
the right thing and the result was the computer network, which had
repercussions far beyond what any of its inventors could have imagined.
Adding authentication to the ubiquitous SMTP protocol set is a different
kind of problem, and is not really amenable to being solved by a few key
players in a closed environment. There are simply too many stakeholders due
to its near-universal usage and any solution that is to be deployed must
have a broad consensus. Making it more difficult is the fact that not all
the stakeholders are profit-making corporations, so an industry consortium
is not even the right vehicle to attack this problem.
That leaves us with the slow, tedious, inefficient, open standards process
as the only practical way to get the broad agreement of enough stakeholders.
Corporations have a lot at stake and can contribute a lot to the solution,
along with non-corporate stakeholders, who bring a different point of view
to the problem. Like the computer network, email is an enabling technology
with far-reaching uses and an authentication solution cannot have _any_ IP
encumbrances for it to be a success. The overwhelming majority of those on
this list, including those representing their employers, understand this and
have no problem with it. Any company that does not understand this makes it
very difficult or impossible for them to be part of the solution.
--
Seth Goodman