Re: Issue with the requirements document: PKIX-centric terminology

[Stephen Kent <kent@xxxxxxx>]

Steve,

First, I don't play cards, so I have none to put on the table :-).

I started contributing to this list on the assumption that we might 
need a TAM protocol that is broader than the X.509 context, and thus 
a new WG was appropriate. We have never pursed development of a 
protocol like this in PKIX because nobody stepped forward to propose 
such work.  If they had, and if there were sufficient  interest, we 
would have pursued it in PKIX.

I also am familiar with projects that have developed this sort of 
capability in the past; the resulting protocol was focused only on 
X.509 certs and raw keys. Those efforts had a fairly clear idea of 
their requirements, though getting agreement on them was very tough, 
even in a much narrower context.

What I have seen so far on the list is just what I stated in a 
previous message: two or more constituencies, each with a different 
notion of what TAM means. There seems to be some desire to create a 
new WG to see if it can develop a protocol that will accommodate 
these possibly divergent goals. Personally I am not in favor of 
chartering such WGs, because they also can drag on without progress 
as the different constituencies continue to wrangle over what the 
problem is.

Let me give an example. You have argued that we ought not spend more 
time trying to nail down a more precise definition of a TA, but 
rather move on to other topics for the charter.  I worry that the 
difficulty we see in agreeing on a definition for TA is indicative of 
the problem I noted above. If folks have different ideas of what a TA 
is, then maybe they can agree on fuzzy language for what a TAM 
protocol should do, given the ambiguity created by a lack of a 
precise TA definition. One might be able to charter a WG this way, 
because each constituency reads the fuzzy words in the charter 
differently, and is convinced that their goals can be addressed by 
the WG. Only later do the conflicting views become apparent and 
stymie progress.  I don't agree with this approach to creating a WG 
(even a short-lived one of the sort you favor), in any area.

In my opinion, the repeated references to the need to define tags to 
accommodate different types of certs (as well as raw keys) suggests 
that folks either have very modest goals for this effort, of they 
have not focused on what several of us have discussed as the harder 
problems, e.g., defining a policy language to express TAA 
constraints, accommodating multiple TAAs for a single device, 
describing how the semantics extent in certs like X.509 will be 
accommodated by a protocol that purports to be cert-type independent, 
etc.

Folks who have communicated with me off list have more clearly 
articulated notions of what they want in TAM, but they have focused 
exclusively on the X.509 context. If the TAM list doesn't manage to 
develop consensus on its goals and definitions, then yes, I would 
suggest to the folks with whom I've spoken that hey come to PKIX and 
ask that WG to adopt a work item that does address their needs.

Hope this answers you question.

Steve