[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RE: [ Death of MOSS? ]
On Feb 28, 12:16am, Blake Ramsdell wrote:
> > James M. Galvin said:
> > It's my impression that MOSS suffered from lack of representation at this
> > workshop. I got that view from at least 6 different people, so I believe
> > it to be true. That said, I think it's unfair to declare its demise.
>
> I agree with this impression -- I think that MOSS was not represented in any
> meaningful way. The question that begs to be asked is: why?
May I restate a point I've been saying for a while?
From what I recall of Terry Gray's presentation, MOSS seemed to be
a highly thought of integration of MIME and security, although perhaps
none of us thought much of the particular TIS freely available
implementation.
I know that, from my personal perspective, MOSS appears to be the
best example of integrating security into MIME, at least from a
framework perspective. The only reason PGP/MIME also rates a "+" in
my book is because it is based on the current PGP standard (the de
facto standard for our primary user base) as well as being reasonably
well integrated into MIME.
I would vehemently oppose any statement that MOSS *as a framework*
is dead. I don't think the particular TIS freely available
implementation has much of a future, but I'm a very strong supporter
for taking the existing MOSS standard and removing any remaining
algorithm specifics and then using it as a framework for implementing
a secure email standard with the PGP, S/MIME, or MSP trust models,
certificates, encryption algorithms, etc....
Obviously a few additional enhancements would be necessary, such
as cryptographic signatures on return receipts and classification
labels (as two examples, there may be more), but MOSS is my current
best yardstick for measuring just how well a secure email standard
really is integrated into MIME, with the absolute minimal amount of
disturbance to the existing MIME standard (and thus, making it the
most "native" MIME implementation of a secure email standard).
And if you look at what I've said previously, it is my firm belief
that if we are to succeed in giving users a truly interoperable secure
email standard, then said standard must be fully and completely
integrated into MIME and do everything it does in the proper MIME way,
as opposed to just being security grafted on.
This is why I advocate finding out what the current (proposed)
MIME way is of handling return receipts and then finding how we can
add the dimension of security to those receipts, instead of just
defining our own secure receipts that are distinct from regular
receipts.
MOSS the implementation may well be dead, but MOSS the framework I
feel is very much alive, and will likely continue to live well beyond
the other standards that were championed by presenters who remained at
the workshop into the afternoon, if only because I think MOSS as a
framework will likely define the framework that the other standards
(and any future standards) will have to find a way to fit into.
--
Brad Knowles MIME/PGP: [email protected]
Mail Systems Administrator <http:www.his.com/~brad/>
for America Online, Inc. Ph: (703) 453-4148