W3C home > Mailing lists > Public > ietf-discuss@w3.org > November 2002

Re: Mandatory MIME security

From: Dave Crocker <dcrocker@brandenburg.com>
Date: Thu, 7 Nov 2002 22:19:42 -0800
Message-ID: <23175914331.20021107221942@tribalwise.com>
To: discuss@apps.ietf.org

Folks,


Thursday, November 7, 2002, 12:27:04 PM, Chris Newman wrote:
Chris> Sometimes markets do stupid things.  So as a general principle, a standards
Chris> group should be aware of how things are faring in the market, but a 
Chris> standards group which cares about technical excellence should not always 
Chris> follow to the market.

1. The market does not appreciate parenting. It's accepts innovation
quite well, but it rolls right over folks who ignore a market history
of rejection.

2.  This is not about "excellence".  S/Mime and OpenPGP are viewed as
equally competent. (We need to be careful that the discussion does not
devolve into flag waving.)

3. Standards groups that ignore market feedback are standards group
that become irrelevant. (Perhaps folks will note that I seem to be
repeating this point a bit. That's only because it is being ignored...
a lot.)


Chris>   Standards groups can and should push the market to
Chris> do better technically where it is feasible.

Filling a void with something new is different from the current
situation. Here we are forcing arbitrary choices between two
alternatives that have both been -- so far, at least -- rejected by
the mass market.



Thursday, November 7, 2002, 4:10:00 PM, Dan Kohn wrote:
Dan> Personally, I draw the exactly opposite conclusion than you.  I think
Dan> the IESG policy is correct, in that it implements a critical concept
Dan> from RFC 1958, Architectural Principles of the Internet, Section 3.2:
Dan>   "If there are several ways of doing the same thing, choose one."

When a working group is creating a new specification and is faced with
alternative design choices, the rule is a good one.

This ain't that. This is a case in which the market has already been
given "several ways of doing the same thing" and it has demonstrated
years of failing to choose one. That is, we did our usual thing. We
"let the market decide" but the market has not (yet) done its job. The
idea that we can arbitrarily do its job for it is not credible.
Certainly not after this much time and certainly not with a policy
that does not, in fact, choose only one.


Dan> In my mind, the analogy to the standards world is the relative failure
Dan> of US 2G cellular standards (TDMA vs. CDMA) vs. a single European
Dan> standard (GSM) that was adopted around the world.

That was before anything was deployed.


Dan> BTW, the other relevant examples that come to mind are more ambiguous.
Dan> SIPP was selected for IPv6 over TUBA but penetration is obviously still
Dan> very weak.

We probably don't want to go down the 'why has IPv6 taken so long'
path, in this thread.

It is a topic that requires beer.

Oh.

No that's not right...

Now I understand the reason for the IPv6 single-malt event at the IETF
meetings...

d/
-- 
 Dave Crocker  <mailto:dcrocker@brandenburg.com>
 TribalWise <http://www.tribalwise.com>
 t +1.408.246.8253; f +1.408.850.1850
Received on Friday, 8 November 2002 01:37:43 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 July 2018 13:05:40 UTC