Re: Issue with the requirements document: PKIX-centric terminology




On Aug 13, 2007, at 4:17 PM, Stephen Kent wrote:


> > My first observation to the draft-00 was to ask if it was PKIX-specific. The answer then was that it's not. That's great, to me. I want this for other certificate types, most specifically OpenPGP. I have been broader than that because I know people building systems and considering using SPKI, and they would need this, too, or have to develop their own, ad-hoc way of doing it.
>
> SPKI is not an IETF standard, and in earlier discussion on the list I think we agreed to not include it.


I remember an argument that it not be included. I remember that particular reason being given, and that that reason is a good one. However, I also remember the counter-argument, and that argument being that since certs-in-DNS includes it, why not TAM, *if* it is little more than assigning a constant that places a type on a following blob. I also believe that one is a good one. I also remember us all agreeing to stop debating, at least implicitly, because that's a side issue to the core of TAM.

Nonetheless, I perceive your arguments saying that no other certificate system other than X.509 should be under the TAM aegis. I perceive that you argued in specific that OpenPGP need not be there, citing Mr Atkins, and asking if someone who is actually an implementer or author or something to come forward -- as if I, who have been here all along, am neither.

I'm happy to debate a generalized certificate theory here, or over a beer. For the purposes of TAM, however, my opinions about certificates, however interesting anyone finds them, are irrelevant.

The relevance to TAM is solely in saying, "I want TAM for OpenPGP, and here's why." I say that as an OpenPGP author, and as an implementer of multi-format PKIs.

I think that if TAM becomes X.509-only, that's fine, but it shouldn't be chartered as a separate working group, it ought to be a work item for PKIX. The whole reason for it being a separate WG would be if it's broad enough to have appeal outside of PKIX.

Mind you, if it's PKIX-only, I still want it and need it. I won't go away, and it will give me reason to pay attention to PKIX again. (The fact that I don't presently is because I think y'all do a fine job without me. I trust you.)

To sum up -- you asked for someone in the OpenPGP world to stand up and say they want it. Yoo hoo, over here. Me.

	Jon

--
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d