At 8:55 PM 2/22/96, Raph Levien wrote:

MOSS is dead, long live MOSS ----------------------------

There were five contenders on the field going into the day, and two and a half at the end. MOSS was one of the casualties. A lot of us were sorry to see it go, but eliminating candidates has got to happen if we're going to have interoperation. It's hard to say exactly what went wrong. MOSS had many advantages, and was a nice, clean, pretty standard. I think what doomed it was the lack of a good implementation. Even though MOSS is no longer considered a serious contender, one piece of it is still very much alive: the multipart/signed message format. At the end of the day, there was strong, nearly unanimous consensus that multipart/signed should be recommended as the signed message format for _all_ of the email encryption protocols.

I debated about responding since you are entitled to your opinion. After thinking about it for a while I decided I need to say a little something. It's my impression that MOSS suffered from lack of representation at this workshop. I got that view from at least 6 different people, so I believe it to be true. That said, I think it's unfair to declare its demise. Further there is a good implementation of MOSS. It was even announced at the workshop. Did you miss it? TIS has done an implementation that is available for anonymous FTP, albeit only within the US. It's integrated with MH, not the most favored mail user agent, but the current version has shell scripts that perform minimal MIME functions to facilitate integration with other agents. Finally, multipart/signed and multipart/encrypted are not MOSS. They are a framework independent of any particular secure email technology. True, MOSS depends on them, but I regard that as a feature not a bug. Jim ---------------------------------------------------------------------------- James M. Galvin galvin@eit.com VeriFone/EIT, PO Box 220, Glenwood, MD 21738 +1 410.795.6882