[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue with the requirements document: PKIX-centric terminology

To: "Turner, Sean P." <turners@xxxxxxxx>
Subject: RE: Issue with the requirements document: PKIX-centric terminology
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 17 Aug 2007 13:08:46 -0400
Cc: <ietf-trust-anchor@xxxxxxxx>
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <AE1B6FDD5E39704DB2F38B6FC77D59A2011CB148@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <> <20070814222421.Y34125@xxxxxxxxxxxxxxxxxx> <> <> <> <>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx


At 3:24 PM -0400 8/16/07, Turner, Sean P. wrote:

...

I think we should consciously try to accommodate use cases even if they're
based on non-public scenarios - if the folks "representing" those other
organizations/standards want to work on TAM.  Some of this might be growing
pains for the IETF, but maybe a liaison should be formed with groups like
TCG/TPM that want to work on it and that want to use the outcome?

The IETF does establish liaisons with other SDOs, prior to doingwork. We have such relationships with ITU, IEEE, and, I think, theW3C, for example. I don't think we have one with TCG. I couldn't tellfrom the text above if you were aware of these relationships.

One problem is that, absent such a relationship, it can be hard todetermine if someone really represents another group, although thereare exceptions. For example, PKIX has worked with "representatives"from ETSI, where I believe no formal IETF liaison exists. However,if the individual chairs a relevant ETSI group, or is the author ofseveral ETSI documents and wants to coordinate another such documentwith PKIX, we have sufficient basis for treating the individual as avalid representative, informally. I would expect other WGs operatesimilarly.

The second question is the interesting one.  Doesn't it come down to if you
want to play with the sand in the IETF sandbox, then the IETF wins the
arguments? I guess I think it does. It would be hard for me to swallow a
decision that threw an IETF "requirement" off the raft for a non-IETF
"requirement."


no disagreement there.

Then again - if we design a basic protocol with extensions I guess I could
see a scenario where it wouldn't work for everyone, but I can also see lots
of other scenarios where they (who ever didn't win the argument) take some
kind of "hit" (i.e., they don't get it exactly their way) to do the
"standard" TAM.

Extensions are the bane of security protocols. For example, we havehad bad experiences with them in OCSP. We see that X.509 extensionscan either be focused and useful, or committee compromises that addcomplexity but are rarely used or supported.

If we create a protocol that is largely a shell, to be broadlyaccommodating, and one has to define context-specific extensions forX.509, OPGP, DNSSEC, etc., then it remains to be seen how useful thecommon shell will be.


Steve

References:
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Thomas Hardjono
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Cat Okita
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Turner, Sean P.
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Stephen Kent
- RE: Issue with the requirements document: PKIX-centric terminology
  - From: Turner, Sean P.

Prev by Date: RE: Draft Charter
Previous by thread: RE: Issue with the requirements document: PKIX-centric terminology
Next by thread: Re: Issue with the requirements document: PKIX-centric terminology
Index(es):
- Date
- Thread