RE: Issue with the requirements document: PKIX-centric terminology

["Turner, Sean P." <turners@xxxxxxxx>]

>-----Original Message-----
>From: owner-ietf-trust-anchor@xxxxxxxxxxxxx 
>[mailto:owner-ietf-trust-anchor@xxxxxxxxxxxxx] On Behalf Of 
>Stephen Kent
>Sent: Thursday, August 16, 2007 12:21 PM
>To: Cat Okita
>Cc: ietf-trust-anchor@xxxxxxxx
>Subject: RE: Issue with the requirements document: 
>PKIX-centric terminology
>
>
>At 10:28 PM -0400 8/14/07, Cat Okita wrote:
>>On Fri, 10 Aug 2007, Stephen Kent wrote:
>>>I think we should make decisions about what work to do in the IETF 
>>>based on who participates in the IETF work, not based on who we 
>>>believe may benefit.
>>
>>I think this is the attitude that leads many people to 
>believe that the 
>>IETF is a pointless waste of time.
>>
>>My understanding was that the goals of the IETF include 
>producing well 
>>considered and designed protocols that are a benefit to all, and 
>>readily used by all, not a group of inbred pedants intent 
>only on self-gratification.
>>
>>cheers!
>
>A great many folks who are not part of the IETF process 
>benefit from the standards we generate. However, unless folks 
>actively participate in the process, there is no way to ensure 
>that external constituencies are well represented.  Moreover, 
>someone who claims to represent such a constituency is not 
>intrinsically credible. Thus when we decide the scope of work 
>for a WG, it is common to make decisions based on who chooses 
>to contribute, and to focus on the IETF context. For example, 
>the IETF does not develop security standards targeting the LAN 
>environment unless the IEEE asks us to do so.
>
>A closer to home example arises in the message Thomas sent recently. 
>He gave several good examples of uses cases for TAM.  Included 
>in his list was the TCM context (use case #2) and mobile 
>phones (UC #4). 
>The TCM case might be problematic because the TCG defines how 
>TCMs work and TCG is a closed group (one has to pay a fee and 
>sign an HDA to be a member.)  So, only if all of the relevant 
>documents from TCG are publicly available could we reasonably 
>address this use case. 
>(Having Thomas as a contributor helps since he is the editor 
>of one or more TCG documents that deal with this area!)  The 
>mobile phone use case is likely to be more problematic, as I 
>believe there are no public standards for ALL mobile phones re 
>managing signed code validation, etc.  It may not make sense 
>for us to try to address problems in areas where the IETF has 
>no standing, where there are no public standards, etc.
>
>Steve

Steve,

If we don't include their documents as a normative reference does this still
hold true?  We don't expect everybody that might use TAM deliverables to
have publiclly available documents for their architectures, etc. We do
expect and want people to come and contribute to the work - but the oneous
is on them to see that it supports their use cases.

spt