RE: Issue with the requirements document: PKIX-centric terminology

[Paul Hoffman <paul.hoffman@xxxxxxxx>]

At 6:48 AM -0400 8/10/07, Carl Wallace wrote:
> I thought this was generally already done but will review the 
> in-progress -02 draft for outliers and try to make the distinction 
> clearer.

Thanks!

> I don't think we should remove the language since supporting RFC3280 
> is important.

Of course, but that could easily be covered by talking about 
supporting PKIX, not by including all the minutia in the examples. :-)

At 9:38 AM -0400 8/10/07, Stephen Kent wrote:
> During the IETF meeting I spoke with several folks about the 
> question of the scope of the TAM effort.  Derek Atkins said that he 
> didn't see OPGP as benefiting from this work.  I think Mike St' 
> Johns didn't view DNSSEC as a beneficiary either.

With all due respect to Derek and Mike, they do not represent the 
entire OpenPGP- and DNSSEC-using community (and they probably didn't 
pretend to in your conversations with them...). Others from the 
OpenPGP and DNSSEC communities have already given use cases for TAM. 
I am most interested in DNSSEC, where there are obvious political 
problems with a single signed root in many operational environments.

> So, maybe we're trying too hard to make this effort generic, when 
> the primary constituency is X.509-centric, at least for now.

While I don't think we're trying too hard (see Carl's message above), 
I agree that the primary constituency will use PKIX certs below the 
trust anchors.

--Paul Hoffman, Director
--VPN Consortium