I log in many times a day to three different POP3 servers. Not one of these POP3 servers supports the APOP or AUTH command. That means my password is sent across the Internet many times a day in clear text. APOP is specified in RFC 1460, published in 1993. AUTH is specified in RFC 1734, published in 1994. There are good, open source -- that is, free -- mail servers that support it. So why don't any of these ISPs support APOP or AUTH? I'm just guessing that it's lethargy. Or maybe apathy.
Considering the situation with POP3, as well as many similar situations that I won't bother to mention, I have to wonder if the IETF has now become irrelevant. There is no simple answer to the question, of course. The IETF is relevant in certain areas, irrelevant in other areas. I do believe, though, that the Internet has become so large that the IETF cannot create a new protocol that will be widely adopted. The IETF, for instance, is helpless to solve the spam problem: it cannot fix or replace SMTP.
In contrast to the IETF, blogging is happening. RSS is happening. Atom is happening.
Posted by Doug Sauder at November 15, 2003 09:30 AM