[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Issue with the requirements document: PKIX-centric terminology

To: Paul Hoffman <paul.hoffman@xxxxxxxx>
Subject: Re: Issue with the requirements document: PKIX-centric terminology
From: Simon Josefsson <simon@xxxxxxxxxxxxx>
Date: Wed, 15 Aug 2007 00:14:54 +0200
Cc: ietf-trust-anchor@xxxxxxxx
In-reply-to: <> (Paul Hoffman's message of "Tue\, 14 Aug 2007 12\:26\:25 -0700")
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <> <> <886F5D4C78AFB14D87261206BFB9612E1D31D34D@xxxxxxxxxxxxxxxxxxxxx> <> <> <46BCC0CC.2040805@xxxxxxxxx> <C1EDAC0E-3925-4B94-B054-D7804571801C@xxxxxxxxxx> <> <DBBD7A7F-08B5-4005-A68F-6A9690DC05C0@xxxxxxxxxx> <>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Paul Hoffman <paul.hoffman@xxxxxxxx> writes:

> Further, I want to emphasize that TAM should be able to pass bare
> public keys and not require them to be PKIX-wrapped certs. There are
> lots of use cases where keys are more appropriate than a cert, and the
> semantics will be much clearer.

I agree, I think TAM should support bare public keys.

Another closely related use-case that I believe is relevant that haven't
been mentioned is SECSH.  Or have people dismissed SECSH in this context
for some reason that I'm not seeing?

Btw, I'm also supportive of TAM including OpenPGP.  I don't see TAM as
something very exciting if it is PKIX only.  Useful, but not as useful.

As I understand it, the issue here seems to be more about terminology
problems and allocating a typed-hole for various technologies (like
certs-in-dns), rather than two (or more) fundamentally different
technical solutions.  As such, I think the effort required to
accommodate everyone is relatively low.

/Simon

References:
- Issue with the requirements document: PKIX-centric terminology
  - From: Paul Hoffman
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- RE: Issue with the requirements document: PKIX-centric terminolog y
  - From: Carl Wallace
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Paul Hoffman
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Farrell
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Jon Callas
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Jon Callas
- Re: Issue with the requirements document: PKIX-centric terminology
  - From: Paul Hoffman

Prev by Date: Re: Issue with the requirements document: PKIX-centric terminology
Next by Date: Re: Issue with the requirements document: PKIX-centric terminology
Previous by thread: Re: Issue with the requirements document: PKIX-centric terminology
Next by thread: More specific examples (use-cases of TAM) -- RE: Issue with the requirements document: PKIX-centric terminology
Index(es):
- Date
- Thread