James M. Galvin said: It's my impression that MOSS suffered from lack of representation at this workshop. I got that view from at least 6 different people, so I believe it to be true. That said, I think it's unfair to declare its demise.
I agree with this impression -- I think that MOSS was not represented in any meaningful way. The question that begs to be asked is: why? I also agree with the assessment that MOSS was a casualty due to a certain extent to the lack of representation. To recap the purpose of this conference, it was for the interested parties involved with security specifications to review their differences, determine the requirements, and possibly even to come out with a preferred solution. If the interested parties don't show up, it seems that they are not going to have their arguments heard.
In fact, I believe that MOSS is the *only* specification that didn't have a significant group of proponents present during the entire proceedings. I knew darn well that we as a group would be gunning down one or more of these specifications to simplify the process, and if I wanted anything to say about it, then I'd better go.
Before the conference, while this list was forming, I asked Dave Crocker what the agenda was, and who specifically was speaking about each specification -- the reason I did this is to find out if the *absolute best* representative for each specification was speaking, so that we would not end up in a situation where the audience was uninformed about a specification, and I could feel that the meeting would be productive. Ultimately, for PGP and S/MIME, it was the authors or editors themselves that provided insight into their respective specification, and for MSP it was at least one key implementor. For MOSS, it seemed that the whole contingency (people who were either in charge of the specification, who had plans to implement the specification, or who were significant customers interested in the specification) was you (an author of the specification), and you had to split. This is not a good sign.
If the people who cared about MOSS participated in the public forums provided for discussing it (mailing lists such as pem-dev), then they would have been made aware of this meeting just like the other specification proponents, and would have shown up. You showed up, showed a chart that didn't demonstrate MOSS as a clear winner, and didn't stick around to discuss the chart (which I thought was a good start to finding The Answer).
This also reminds me of a time when a call went out for the MOSS implementors to raise their hands (on the pem-dev list) -- and only Ned Freed answered. This could very well be because MOSS implementors don't hang out on the mailing list, which is somewhat strange since the timeframe in which this question was posed was very close to the release date of the specification (10/95). In fact, Dave Crocker recently said that "Clear, corporate commitments from product vendors ought to confirm or dispel the rumor of the MOSS demise", and we have not had *any* vendors step up since that statement.
Don't get me wrong -- I don't consider myself to be prejudiced away from MOSS. Near the end of the meeting, I specifically pointed out that: First we had PEM, and it died. Now we have MOSS, which is 47 pages long, and less than *four months* old, and we are calling it dead also. The answer to that was that it made a great "over beer" question -- a question to be discussed over a beer. Care for a beer?
Blake
On Feb 28, 12:16am, Blake Ramsdell wrote:
James M. Galvin said: It's my impression that MOSS suffered from lack of representation at this workshop. I got that view from at least 6 different people, so I believe it to be true. That said, I think it's unfair to declare its demise.
I agree with this impression -- I think that MOSS was not represented in any meaningful way. The question that begs to be asked is: why?
May I restate a point I've been saying for a while? From what I recall of Terry Gray's presentation, MOSS seemed to be a highly thought of integration of MIME and security, although perhaps none of us thought much of the particular TIS freely available implementation. I know that, from my personal perspective, MOSS appears to be the best example of integrating security into MIME, at least from a framework perspective. The only reason PGP/MIME also rates a "+" in my book is because it is based on the current PGP standard (the de facto standard for our primary user base) as well as being reasonably well integrated into MIME.
I would vehemently oppose any statement that MOSS *as a framework* is dead. I don't think the particular TIS freely available implementation has much of a future, but I'm a very strong supporter for taking the existing MOSS standard and removing any remaining algorithm specifics and then using it as a framework for implementing a secure email standard with the PGP, S/MIME, or MSP trust models, certificates, encryption algorithms, etc.... Obviously a few additional enhancements would be necessary, such as cryptographic signatures on return receipts and classification labels (as two examples, there may be more), but MOSS is my current best yardstick for measuring just how well a secure email standard really is integrated into MIME, with the absolute minimal amount of disturbance to the existing MIME standard (and thus, making it the most "native" MIME implementation of a secure email standard).
And if you look at what I've said previously, it is my firm belief that if we are to succeed in giving users a truly interoperable secure email standard, then said standard must be fully and completely integrated into MIME and do everything it does in the proper MIME way, as opposed to just being security grafted on.
This is why I advocate finding out what the current (proposed) MIME way is of handling return receipts and then finding how we can add the dimension of security to those receipts, instead of just defining our own secure receipts that are distinct from regular receipts.
MOSS the implementation may well be dead, but MOSS the framework I feel is very much alive, and will likely continue to live well beyond the other standards that were championed by presenters who remained at the workshop into the afternoon, if only because I think MOSS as a framework will likely define the framework that the other standards (and any future standards) will have to find a way to fit into.
--
Brad Knowles                    MIME/PGP: BKnowles@aol.net
Mail Systems Administrator      <http:www.his.com/~brad/>
for America Online, Inc.        Ph: (703) 453-4148