At 9:18 AM +0300 8/12/07, Yoav Nir wrote:
In Chicago there was some controversy about whether multiple administrators should be in scope. This charter draft says that they're in. I'm not saying they shouldn't be, but it does add complexity.If they're in, we need to answer big questions: - If TAA1 adds a TA, can TAA2 delete it?
if we allow creating a hierarchy )or even a lattice) of TAAs, then once cannot answer this question without knowing the relationships of TAA1 and TAA2.
- If no, should there be "hard-delete" where it does delete it?
define "hard delete"
- If TAA1 adds a TA, and then TAA2 adds it again, and then TAA1 deletes it, is it there or not?
this already presumes that the addition you mention is idempotent, somethign we have yet to deciude.
- Should TAA2 be able to query TAs added by TAA1?- Should we have a delete-all command (I think that's necessary for the store-and-forward scenario) - How does delete-all interact with multiple TAAs? Do we need a hard-delete-all?I would answer these questions no, yes, yes, yes, yes and yes, but these are far from trivial.I think these and other issues suggest we should split the TAMP protocol deliverables into two documents: one to deal with the protocol, formats, encoding (XML/ASN.1) and the online/offline case. The other document should deal with trust anchor store operations: how the database is structured and what it does with the various commands.Yoav
how about one to agree on the requirements first :-), before we define the syntax and semantics?
Steve