[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft Charter

To: Stephen Kent <kent@xxxxxxx>
Subject: Re: Draft Charter
From: Paul Hoffman <paul.hoffman@xxxxxxxx>
Date: Fri, 10 Aug 2007 17:25:48 -0700
Cc: <turners@xxxxxxxx>, <ietf-trust-anchor@xxxxxxxx>
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <> <> <> <>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx


At 4:41 PM -0400 8/10/07, Stephen Kent wrote:

At 1:21 PM -0700 8/10/07, Paul Hoffman wrote:
... the TAA.
- Supporting multiple trust anchor administrators, such as istypical for home
  users
Why do we believe it is common for a home user to need multiple TAadministrators?
I would be happy if we swapped "individual" for "home". If needed,we can add text such as "For example, they may want their employersand their banks to act as trust anchor administrators."
Ah, I see your point. If I can appropriately constrain the impact ofwhat a TAA can do, I can safely let others be TAAs for my machine.That seems right for my home machine, but for a company-ownedmachine the roles probably are reversed, i.e., the employer is incharge and will allow the employee limited control over TAs.

Exactly right. From the TAA's point of view, there are two choices:"I control everything in his store" and "I share control of his storewith unknown others". We don't have to choose the second way, but Ithink the overhead of doing so is worth the benefit of many morepotential use cases.

- Supporting devices with limited or no user interface that may ormay not have connectivity to the Internet
a simple typo fix, but if a deliverable is a TA managementprotocol, then why do we worry about devices that have no Internetconnectivity?
Protocols do not require Internet connectivity. End-to-end email isa good example of that.
Good point. We may want to define protocols that can use stageddelivery, even if there is no network involved. If that's theintent, the bullet could be a bit clearer, e.g., if we want todefine protocols that work even if we deliver messages via a USBtoken from a source to a destination. However, I note that aprotocol of that sort is likely to be more complex than one thatassumes use of lower layer network protocols, even staged deliveryones.

Fully disagree. We can decouple the format from how one hands theobject to the next party. This is akin to defining CMS separate fromS/MIME.


--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: Draft Charter
  - From: Stephen Kent

References:
- Draft Charter
  - From: Turner, Sean P.
- Re: Draft Charter
  - From: Stephen Kent
- Re: Draft Charter
  - From: Paul Hoffman
- Re: Draft Charter
  - From: Stephen Kent

Prev by Date: Re: Draft Charter
Next by Date: Re: Issue with the requirements document: PKIX-centric terminology
Previous by thread: Re: Draft Charter
Next by thread: Re: Draft Charter
Index(es):
- Date
- Thread