Re: IP Security......

John C Klensin <klensin@mail1.reston.mci.net> Wed, 15 March 1995 17:03 UTC

Date: Wed, 15 Mar 1995 12:03:48 -0500
X-Orig-Sender: iesg-request@IETF.CNRI.Reston.VA.US
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: John C Klensin <klensin@mail1.reston.mci.net>
Subject: Re: IP Security......
X-Sender: klensin@mail1.reston.mci.net
To: Mike O'Dell <mo@uunet.uu.net>, sob@harvard.edu
Cc: iesg@CNRI.Reston.VA.US
Message-id: <01HO5XB7FA6C0008J5@MAIL1.RESTON.MCI.NET>
X-Envelope-to: iesg@CNRI.Reston.VA.US
MIME-version: 1.0
X-Mailer: Windows Eudora Version 2.0.3
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit

Mike,

I think we may be able to stop SSL.  But, if we do, it will be on account of
other market forces -- and the basic protocol rottenness of the thing --
rather than because of the merit of our process.  Netscape is, even as we
speak, probably planning the next step of stampeding the marketplace.

In the more general case, I share your concern and frustration.  It is
really quite efficient for an organization -- Netscape, OSF, OMG,... -- to
put something out there, shout "120% of the market" and "de facto standard"
enough times, tell people that they better get on the bandwagon before the
train runs them over, and, by doing this stuff well, actually create the
market share that "proves" that they were right all along.  Certainly, it is
more efficient than good and deliberative engineering.   The people who
invented SSL knew, from the beginning, that it was a quick hack -- much
quicker than trying to work through the details of an S-HTTP or a head-on
competitor to it -- and were firmly convinced that whoever got a majority
of the desktops with the claim of a secure Web setup by this spring was
going to win, regardless of anything else.  So they are being rational.

Of course, the counter-argument is that we've got a lot less to fear from
SSL -- which, at least, is an Internet-based protocol that isn't
conceptually that different from the IPSEC work (certainly different in the
details, but that is another matter) -- than we might from some very large
presence that might bundle "secure LAN Manager over IP" into one of its
products, sell a zillion of them, and then claim that it was the standard
because they set the standards.

    --john