Re: Issue with the requirements document: PKIX-centric terminology
Stephen Kent wrote:
> At 8:47 PM +0100 8/10/07, Stephen Farrell wrote:
>> Hi Steve,
>>
>> You seem to prefer that this work be scoped so as to be limited
>> to x.509 TAs only.
>>
>> I'm just wondering if you see any specific benefit to that, or
>> if it's just that you've not seen specific enough reasons to want
>> to support more than x.509?
>>
>> (From my p-o-v, I guess I'd argue that any TA related work starting
>> in 2008 shouldn't only support x.509.)
>>
>> S.
>
> 1. I noted in my comments on the problem statement that it was
> essentially X.509-centric, with just lip service to other contexts. This
> says that we will have to work hard(er) to create a problem statement
> that is truly inclusive, and this is not just fluff.
>
> 2. I have not seen specific, well-reasoned comments on the problem
> statement from the other communities we might try to encompass. We need
> that input, and a corresponding expression of a willingness to work on
> the problem, to justify the effort to get #1 right :-).
>
> 3. So far the greatest interest seems to have been shown by folks who
> are focused on the X.509 arena, which suggests that this ought to be the
> first priority. It's always tempting to say that we will scope an effort
> to not exclude other contexts where we can envision a solution might be
> applicable, but that tends to make it even harder to make progress in
> the area that we agree ought to be the highest priority.

The above seems quite reasonable to me.

> I think our difficulty in writing a good definition of a TA is indicative
> of the sort of additional work we incur when we try to broaden the scope.

Well, there's also the fact that we're quite a picky crowd - personally
I reckon that most of the people on this list, and those who spoke in
Chicago, all know well what we mean by a TA. Getting all those same
people to agree on one set of words will always be tedious.

> None of this means we can't decide to address more than the X.509
> context, but it may suggest that we ought not adopt a broader scope by
> default.

Possibly. x.509 is clearly the major use case, but I'd at least like
any protocol to have the same level of flexibility as, say, TLS has
to support other infrastructures if they emerge. That doesn't require
a lot of overhead IMO.
But, your main point is correct - if there are people with real
non-x.509 use cases they really should speak up now before a WG is
chartered (or re-chartered).
S.