Re: BofA+Netscape
At 3:08 PM 12/11/94, James A. Donald wrote:
Amanda complained that Netscape pisses all over the standardization committees.
Well guys, the victor has room to move. It must come as a big shock to Apple, Microsoft, and IBM, but reality is that Netscape can set WWW standards and they cannot.
If they indulge the standardization committees by listening to them first, and then deciding to ignore them, the committee should be thoroughly greatful.
For the record, we're not trying to set standards -- we're trying to build products with functionality that our customers want and need. We'll succeed or fail on the basis of whether we do that, not whether or because we set standards. We fully realize that being proprietary or isolated from existing or future standards only locks us out of our market, which does us no good at all. That doesn't mean that we're not going to innovate when we need to, but it means we're not going to be anything other than totally open and standards-compliant. To that end, we aggressively support all current standards (HTML, HTTP, URLs, NNTP, Gopher, SOCKS, FTP, you name it), are a charter member of W3O (with a concomitant $150K commitment), and from day 1 have made SSL available to the broader community and have given it to the W3O security working group (of which we are a full participant) exactly in parallel with SHTTP and the three or four other proposals that have been submitted for consideration by other companies and third parties. I fully expect we'll be supporting other security standards and approaches as they emerge, and we certainly welcome realistic suggestions on what we should do, when, and how. Cheers, Marc -- Marc Andreessen Netscape Communications Corporation Mountain View, CA marca@mcom.com
Marc Andreessen says:
I fully expect we'll be supporting other security standards and approaches as they emerge, and we certainly welcome realistic suggestions on what we should do, when, and how.
I told you in Email, Mr. Andreessen, that new transport level security protocols are useless now that IPSP has come near to standardization and now that prototype implementations are nearly available. Many people at IETF in other groups expressed far less interest in proceeding with new security protocols now that there will be a network layer security protocol. However, you did not appear to be remotely interested. I suppose that you considered the comment I made "unrealistic". Personally, I consider to be unrealistic the notion that the same group of programmers who a year or two ago thought that the way to remove files on a Unix system was to use system(3) to call rm via the shell will be standardizing security -- after all, they couldn't produce a secure piece of software to begin with. My current presumption is that since the same programmers who produce Mosaic produced Netscape that, although pretty looking on the outside, it is just as bad on the inside: like a beautful marble skyscraper that is held together on the inside with chewing gum, toothpicks and rusty bailing wire. I have discouraged clients from using Netscape in the absense of source because there is no way to look for the security holes that are surely lurking within it; unfortunately, the product is just too pretty looking. By all means, of course, work on any security system you like. The burden will be on you to convince people to use it. Perry
participants (2)
-
marca@neon.mcom.com -
Perry E. Metzger