From: “Blake Ramsdell” <Blaker@msn.com>
To: “James M. Galvin” <galvin@eit.com>
Message Hash: c5c4c7492c904ff3da0656df37c83e0f9a5601c164cf5b91076a36cef539c309
Message ID: <UPMAIL01.199602280321080943@msn.com>
Reply To: N/A
UTC Datetime: 1996-02-28 04:05:21 UTC
Raw Date: Wed, 28 Feb 1996 12:05:21 +0800
From: "Blake Ramsdell" <Blaker@msn.com>
Date: Wed, 28 Feb 1996 12:05:21 +0800
To: "James M. Galvin" <galvin@eit.com>
Subject: RE:
Message-ID: <UPMAIL01.199602280321080943@msn.com>
MIME-Version: 1.0
Content-Type: text/plain
> James M. Galvin said:
> It's my impression that MOSS suffered from lack of representation at this
> workshop. I got that view from at least 6 different people, so I believe
> it to be true. That said, I think it's unfair to declare its demise.
I agree with this impression -- I think that MOSS was not represented in any
meaningful way. The question that begs to be asked is: why?
I also agree with the assessment that MOSS was a casualty due to a certain
extent to the lack of representation.
To recap the purpose of this conference, it was for the interested parties
involved with security specifications to review their differences, determine
the requirements, and possibly even to come out with a preferred solution. If
the interested parties don't show up, it seems that they are not going to have
their arguments heard. In fact, I believe that MOSS is the *only*
specification that didn't have a significant group of proponents present
during the entire proceedings.
I knew darn well that we as a group would be gunning down one or more of these
specifications to simplify the process, and if I wanted anything to say about
it, then I'd better go.
Before the conference, while this list was forming, I asked Dave Crocker what
the agenda was, and who specifically was speaking about each specification --
the reason I did this is to find out if the *absolute best* representative for
each specification was speaking, so that we would not end up in a situation
where the audience was uninformed about a specification, and I could feel that
the meeting would be productive. Ultimately, for PGP and S/MIME, it was the
authors or editors themselves that provided insight into their respective
specification, and for MSP it was at least one key implementor.
For MOSS, it seemed that the whole contingency (people who were either in
charge of the specification, who had plans to implement the specification, or
who were significant customers interested in the specification) was you (an
author of the specification), and you had to split. This is not a good sign.
If the people who cared about MOSS participated in the public forums provided
for discussing it (mailing lists such as pem-dev), then they would have been
made aware of this meeting just like the other specification proponents, and
would have shown up. You showed up, showed a chart that didn't demonstrate
MOSS as a clear winner, and didn't stick around to discuss the chart (which I
thought was a good start to finding The Answer).
This also reminds me of a time when a call went out for the MOSS implementors
to raise their hands (on the pem-dev list) -- and only Ned Freed answered.
This could very well be because MOSS implementors don't hang out on the
mailing list, which is somewhat strange since the timeframe in which this
question was posed was very close to the release date of the specification
(10/95). In fact, Dave Crocker recently said that "Clear, corporate
commitments from product vendors ought to confirm or dispel the rumor of the
MOSS demise", and we have not had *any* vendors step up since that statement.
Don't get me wrong -- I don't consider myself to be prejudiced away from MOSS.
Near the end of the meeting, I specifically pointed out that: First we had
PEM, and it died. Now we have MOSS, which is 47 pages long, and less than
*four months* old, and we are calling it dead also.
The answer to that was that it made a great "over beer" question -- a question
to be discussed over a beer.
Care for a beer?
Blake
Return to February 1996
Return to ““Brad Knowles” <brad@azathoth.ops.aol.com>”