Worst Bug or Shortcomings in a Standard?

Alastair asks: "Just curious what the Slashdot crowd thinks are the worst bugs ever to creep into a standard? For mine, the various security vulnerabilities in WEP would make the grade. Also perhaps the lack of a protocol field in HDLC, and which most implementations added in a non-compatible way. I'm thinking here about bugs which result in partial or total irrelevance of the standard itself, as opposed to just a lack of interest in adopting it."

Re:SMTP has no sender authentication.

[squiggleslash]

Who certifies that your authentication is authentic? ICANN, Verisign, Network Solutions, .. Microsoft?

Depends. That's up to you. Back in the mid-nineties, there were various proposals and I think the major issue was the politics surrounding encryption (an indirect issue, but PGP was both an authentication system and encryption system) and the RSA patent more than disagreement on how it could work. PGP in particular used a pretty reasonable system that allowed you to create what boiled down to trusted networks. You'd certify your friends. Friends could certify each other. Get a key, see it's signed by people you know, and you can be pretty sure it's genuine.

It was a nice system but network and real politics really ensured it didn't take off. You had patents. You had paranoid government agencies enforcing export controls on encryption protocols. You had commercial enterprises making email clients who didn't want to enter that particular can of worms if they could get away with it.

The idea that the "anti-spam crowd" is a unified body is .. interesting. I'm sure that that being told that an idea was discussed years ago and rejected might be annoying, but have you really looked at the various trade-offs that were discussed then?

I think you're trying to find things to take issue with. Nobody ever suggested the anti-spam crowd is unified. If I were to say that only Dogs are particularly interested in peeing on lamp-posts, would you claim that this is unfair because you know a lot of dogs that do not do that kind of thing?

I also did explain the tradeoffs, in brief, in the whole accountable static IPs vs easy to administer and efficient with roaming dynamic IPs debate. (I could add paranoia over the supposed world wide shortage of IP addresses, but I don't think that was ever as big an issue as people maintained. If it had been, we'd be on IPv6 by now.)