[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue with the requirements document: PKIX-centric terminology
First, I don't play cards, so I have none to put on the table :-).
I started contributing to this list on the assumption that we might
need a TAM protocol that is broader than the X.509 context, and thus
a new WG was appropriate. We have never pursed development of a
protocol like this in PKIX because nobody stepped forward to propose
such work. If they had, and if there were sufficient interest, we
would have pursued it in PKIX.
I also am familiar with projects that have developed this sort of
capability in the past; the resulting protocol was focused only on
X.509 certs and raw keys. Those efforts had a fairly clear idea of
their requirements, though getting agreement on them was very tough,
even in a much narrower context.
What I have seen so far on the list is just what I stated in a
previous message: two or more constituencies, each with a different
notion of what TAM means. There seems to be some desire to create a
new WG to see if it can develop a protocol that will accommodate
these possibly divergent goals. Personally I am not in favor of
chartering such WGs, because they also can drag on without progress
as the different constituencies continue to wrangle over what the
Let me give an example. You have argued that we ought not spend more
time trying to nail down a more precise definition of a TA, but
rather move on to other topics for the charter. I worry that the
difficulty we see in agreeing on a definition for TA is indicative of
the problem I noted above. If folks have different ideas of what a TA
is, then maybe they can agree on fuzzy language for what a TAM
protocol should do, given the ambiguity created by a lack of a
precise TA definition. One might be able to charter a WG this way,
because each constituency reads the fuzzy words in the charter
differently, and is convinced that their goals can be addressed by
the WG. Only later do the conflicting views become apparent and
stymie progress. I don't agree with this approach to creating a WG
(even a short-lived one of the sort you favor), in any area.
In my opinion, the repeated references to the need to define tags to
accommodate different types of certs (as well as raw keys) suggests
that folks either have very modest goals for this effort, of they
have not focused on what several of us have discussed as the harder
problems, e.g., defining a policy language to express TAA
constraints, accommodating multiple TAAs for a single device,
describing how the semantics extent in certs like X.509 will be
accommodated by a protocol that purports to be cert-type independent,
Folks who have communicated with me off list have more clearly
articulated notions of what they want in TAM, but they have focused
exclusively on the X.509 context. If the TAM list doesn't manage to
develop consensus on its goals and definitions, then yes, I would
suggest to the folks with whom I've spoken that hey come to PKIX and
ask that WG to adopt a work item that does address their needs.
Hope this answers you question.