On Wed, Nov 13, 2013 at 11:05 AM, Ted Lemon <Ted.Lemon@xxxxxxxxxxx> wrote:
> On Nov 13, 2013, at 10:49 AM, Ole Troan <otroan@xxxxxxxxxxxxx> wrote:
> > is there a problem here, or should we just accept that sometimes the IETF
> > will generate ten sets of publications solving more or less the same problem?
>
> If I'd been area director earlier in the process I might have just shut the working group when it became clear that the principals couldn't agree on a proposal, and required that they come to agreement before a BoF would be approved. But it's much too late in the process to do that now. And I don't even know if that would have produced a better outcome.
I am not sure that would have worked. As with the S/MIME vs PGP standards war there were ideological factions. Putting those two factions in a room and requiring them to emerge with one standard would not have worked unless there was a very skilled technical arbiter who could work with the two sides and get them to identify the aspects that they considered essential requirements. Phil Zimmermann had already walked out on the PEM fiasco; he had a user base and was not at all convinced that the S/MIME faction had any technical contributions they could make.
Until relatively recently the majority of posters here would assert that I was completely wrong about the need to embrace NAT boxes as part of the solution rather than consider them to be a dangerous nuisance to be eliminated at all costs. Part of the reason behind the profusion of proposals is that many of the principals had rejected the only viable architecture.
Forcing them to agree before having a BOF would not have worked because the approaches were not compatible. The NomCom scheme makes the system dramatically worse as it makes achieving groupthink on the IAB and IESG a goal. The people who were wrong about using NAT to transition to IPv6 the longest were the people at the top of the IETF oligarchy. What would have happened in that situation would be that the 'let's kill the NAT boxes' faction would have won and either the IPv6 transition scheme would be coming out of ETSI or W3C or not at all.
People can say what they like about the NSA, at least they listen to their critics.
Getting back to PGP vs S/MIME, I think we have a once-in-a-decade opportunity to move past that deadlock due to the Snowden files. There is also at least one documentary and a movie in the works so we have maybe 18 months to develop a scheme that combines both approaches.
The core of PGP is the peer trust model which is also its main limitation. If I already know the recipient then PGP is the strongest way to get a message to them because I do not need a trusted third party as an introducer. The problem with PGP is that it really does not scale or achieve 'viral' growth. Twenty years later the user groups are islands of a few hundred or in rare cases a few thousand.
The S/MIME message formats don't offer any real technical advantages over the PGP formats except that they are supported by the legacy infrastructure to a far greater extent. Passing S/MIME unmolested is a requirement almost every mail server has supported for a decade.
Website: http://hallambaker.com/