[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft Charter

To: Yoav Nir <ynir@xxxxxxxxxxxxxx>, ietf-trust-anchor@xxxxxxxx
Subject: Re: Draft Charter
From: Paul Hoffman <paul.hoffman@xxxxxxxx>
Date: Sun, 12 Aug 2007 09:55:11 -0700
In-reply-to: <26D8BDE7-D21D-4B85-97D5-08FF26EF76B9@xxxxxxxxxxxxxx>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <> <26D8BDE7-D21D-4B85-97D5-08FF26EF76B9@xxxxxxxxxxxxxx>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx


At 9:18 AM +0300 8/12/07, Yoav Nir wrote:

In Chicago there was some controversy about whether multipleadministrators should be in scope. This charter draft says thatthey're in. I'm not saying they shouldn't be, but it does addcomplexity.

Indeed. But the complexity might be able to be contained with verydifferent assumptions than the ones you made.

If they're in, we need to answer big questions:
- If TAA1 adds a TA, can TAA2 delete it?
- If no, should there be "hard-delete" where it does delete it?
- If TAA1 adds a TA, and then TAA2 adds it again, and then TAA1deletes it, is it there or not?
- Should TAA2 be able to query TAs added by TAA1?
- Should we have a delete-all command (I think that's necessary forthe store-and-forward scenario)- How does delete-all interact with multiple TAAs? Do we need ahard-delete-all?
I would answer these questions no, yes, yes, yes, yes and yes, butthese are far from trivial.

This takes the view that the TAAs "add" and "delete" TAs. A verydifferent view, one that makes things a lot simpler, is that TAAspropose additions and deletions, and the software for the recipientof those proposals chooses whether or not to act on those proposals.As I said at the mic in Chicago, I'm not suggesting that end usersneed to think about each TAA action; they can just make policydecisions and let the software act accordingly.

For example, assume that the user has the setting "TAA1 is moreimportant than TAA2". Then, in your examples:

- If TAA1 adds a TA, can TAA2 delete it?

No.

- If no, should there be "hard-delete" where it does delete it?

No. I would be against having various strengths of "add" and"delete"; no one will be able to figure them out.

- If TAA1 adds a TA, and then TAA2 adds it again, and then TAA1deletes it, is it there or not?


It is not.

- Should TAA2 be able to query TAs added by TAA1?

Yes. A simpler and more general mechanism is that any TAA can querythe TA store, and that store says which TAA added each TA.

- Should we have a delete-all command (I think that's necessary forthe store-and-forward scenario)

No. That would leave the user with no one to trust, including theparty that issued the delete-all. The TAM software should never leavethe user with no TAs except under dire circumstances.

- How does delete-all interact with multiple TAAs? Do we need ahard-delete-all?


Moot; see above.

I believe that most users who have multiple TAAs could set an orderfor precedence to them. I also think writing software to act on theprecedence is quite straightforward: the two rules are "only allowdelete proposals from TAAs at the same level or higher as the TAA whoadded this TA" and "if a TA has been deleted, only allow it to bere-added by a TAA at the same level or higher than the one whodeleted it".


Does this simplification seem like a good one?

--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: Draft Charter
  - From: Yoav Nir
- Re: Draft Charter
  - From: Stephen Kent

References:
- Draft Charter
  - From: Turner, Sean P.
- Re: Draft Charter
  - From: Yoav Nir

Prev by Date: Re: Draft Charter
Next by Date: RE: Draft Charter
Previous by thread: Re: Draft Charter
Next by thread: Re: Draft Charter
Index(es):
- Date
- Thread