On Feb 28, 12:16am, Blake Ramsdell wrote:
James M. Galvin said: It's my impression that MOSS suffered from lack of representation at this workshop. I got that view from at least 6 different people, so I believe it to be true. That said, I think it's unfair to declare its demise.
I agree with this impression -- I think that MOSS was not represented in any meaningful way. The question that begs to be asked is: why?
May I restate a point I've been saying for a while? From what I recall of Terry Gray's presentation, MOSS seemed to be a highly thought of integration of MIME and security, although perhaps none of us thought much of the particular TIS freely available implementation. I know that, from my personal perspective, MOSS appears to be the best example of integrating security into MIME, at least from a framework perspective. The only reason PGP/MIME also rates a "+" in my book is because it is based on the current PGP standard (the de facto standard for our primary user base) as well as being reasonably well integrated into MIME. I would vehemently oppose any statement that MOSS *as a framework* is dead. I don't think the particular TIS freely available implementation has much of a future, but I'm a very strong supporter for taking the existing MOSS standard and removing any remaining algorithm specifics and then using it as a framework for implementing a secure email standard with the PGP, S/MIME, or MSP trust models, certificates, encryption algorithms, etc.... Obviously a few additional enhancements would be necessary, such as cryptographic signatures on return receipts and classification labels (as two examples, there may be more), but MOSS is my current best yardstick for measuring just how well a secure email standard really is integrated into MIME, with the absolute minimal amount of disturbance to the existing MIME standard (and thus, making it the most "native" MIME implementation of a secure email standard). And if you look at what I've said previously, it is my firm belief that if we are to succeed in giving users a truly interoperable secure email standard, then said standard must be fully and completely integrated into MIME and do everything it does in the proper MIME way, as opposed to just being security grafted on. This is why I advocate finding out what the current (proposed) MIME way is of handling return receipts and then finding how we can add the dimension of security to those receipts, instead of just defining our own secure receipts that are distinct from regular receipts. MOSS the implementation may well be dead, but MOSS the framework I feel is very much alive, and will likely continue to live well beyond the other standards that were championed by presenters who remained at the workshop into the afternoon, if only because I think MOSS as a framework will likely define the framework that the other standards (and any future standards) will have to find a way to fit into. -- Brad Knowles MIME/PGP: BKnowles@aol.net Mail Systems Administrator <http:www.his.com/~brad/> for America Online, Inc. Ph: (703) 453-4148