[Blake Ramsdell]

> James M. Galvin said:
> It's my impression that MOSS suffered from lack of representation at this
> workshop.  I got that view from at least 6 different people, so I believe
> it to be true.  That said, I think it's unfair to declare its demise.

I agree with this impression -- I think that MOSS was not represented in any 
meaningful way.  The question that begs to be asked is:  why?

I also agree with the assessment that MOSS was a casualty due to a certain 
extent to the lack of representation.

To recap the purpose of this conference, it was for the interested parties 
involved with security specifications to review their differences, determine 
the requirements, and possibly even to come out with a preferred solution.  If 
the interested parties don't show up, it seems that they are not going to have 
their arguments heard.  In fact, I believe that MOSS is the *only* 
specification that didn't have a significant group of proponents present 
during the entire proceedings.

I knew darn well that we as a group would be gunning down one or more of these 
specifications to simplify the process, and if I wanted anything to say about 
it, then I'd better go.

Before the conference, while this list was forming, I asked Dave Crocker what 
the agenda was, and who specifically was speaking about each specification -- 
the reason I did this is to find out if the *absolute best* representative for 
each specification was speaking, so that we would not end up in a situation 
where the audience was uninformed about a specification, and I could feel that 
the meeting would be productive.  Ultimately, for PGP and S/MIME, it was the 
authors or editors themselves that provided insight into their respective 
specification, and for MSP it was at least one key implementor.

For MOSS, it seemed that the whole contingency (people who were either in 
charge of the specification, who had plans to implement the specification, or 
who were significant customers interested in the specification) was you (an 
author of the specification), and you had to split.  This is not a good sign.  
If the people who cared about MOSS participated in the public forums provided 
for discussing it (mailing lists such as pem-dev), then they would have been 
made aware of this meeting just like the other specification proponents, and 
would have shown up.  You showed up, showed a chart that didn't demonstrate 
MOSS as a clear winner, and didn't stick around to discuss the chart (which I 
thought was a good start to finding The Answer).

This also reminds me of a time when a call went out for the MOSS implementors 
to raise their hands (on the pem-dev list) -- and only Ned Freed answered.  
This could very well be because MOSS implementors don't hang out on the 
mailing list, which is somewhat strange since the timeframe in which this 
question was posed was very close to the release date of the specification 
(10/95).  In fact, Dave Crocker recently said that "Clear, corporate 
commitments from product vendors ought to confirm or dispel the rumor of the 
MOSS demise", and we have not had *any* vendors step up since that statement.

Don't get me wrong -- I don't consider myself to be prejudiced away from MOSS. 
 Near the end of the meeting, I specifically pointed out that:  First we had 
PEM, and it died.  Now we have MOSS, which is 47 pages long, and less than 
*four months* old, and we are calling it dead also.

The answer to that was that it made a great "over beer" question -- a question 
to be discussed over a beer.

Care for a beer?

Blake