RE: Issue with the requirements document: PKIX-centric terminology

["Thomas Hardjono" <thardjono@xxxxxxxxxxx>]

> -----Original Message-----
> From: owner-ietf-trust-anchor@xxxxxxxxxxxxx 
> [mailto:owner-ietf-trust-anchor@xxxxxxxxxxxxx] On Behalf Of 
> Stephen Kent
> Sent: Thursday, August 16, 2007 9:21 AM
> To: Cat Okita
> Cc: ietf-trust-anchor@xxxxxxxx
> Subject: RE: Issue with the requirements document: 
> PKIX-centric terminology
> 
> 
> At 10:28 PM -0400 8/14/07, Cat Okita wrote:
> >On Fri, 10 Aug 2007, Stephen Kent wrote:
> >>I think we should make decisions about what work to do in the IETF 
> >>based on who participates in the IETF work, not based on who we 
> >>believe may benefit.
> >
> >I think this is the attitude that leads many people to 
> believe that the 
> >IETF is a pointless waste of time.
> >
> >My understanding was that the goals of the IETF include 
> producing well 
> >considered and designed protocols that are a benefit to all, and 
> >readily used by all, not a group of inbred pedants intent 
> only on self-gratification.
> >
> >cheers!
> 
> A great many folks who are not part of the IETF process 
> benefit from the standards we generate. However, unless folks 
> actively participate in the process, there is no way to 
> ensure that external constituencies are well represented.  
> Moreover, someone who claims to represent such a constituency 
> is not intrinsically credible. Thus when we decide the scope 
> of work for a WG, it is common to make decisions based on who 
> chooses to contribute, and to focus on the IETF context. For 
> example, the IETF does not develop security standards 
> targeting the LAN environment unless the IEEE asks us to do so.
> 
> A closer to home example arises in the message Thomas sent recently. 
> He gave several good examples of uses cases for TAM.  
> Included in his list was the TCM context (use case #2) and 
> mobile phones (UC #4). 
> The TCM case might be problematic because the TCG defines how 
> TCMs work and TCG is a closed group (one has to pay a fee and 
> sign an HDA to be a member.)  So, only if all of the relevant 
> documents from TCG are publicly available could we reasonably 
> address this use case. 
> (Having Thomas as a contributor helps since he is the editor 
> of one or more TCG documents that deal with this area!)  The 
> mobile phone use case is likely to be more problematic, as I 
> believe there are no public standards for ALL mobile phones 
> re managing signed code validation, etc.  It may not make 
> sense for us to try to address problems in areas where the 
> IETF has no standing, where there are no public standards, etc.
> 
> Steve


Thanks Steve.

In my several years experience with the TCG, the TCG community typically
prefers to use existing standards from other bodies/organizations like
the IETF and Oasis (instead of re-inventing the wheel).

This is why the TCG several years ago decided on the X.509 standard for
the TPM-related certificates and profiles. Most (if not all) of the
relevant documents for UC#2 are now published documents (available at
the TCG website, under the Specs tab). No need to sign/enter anything to
download :)

In the mobile phone/carrier community, I believe that the Open Mobile
Alliance (OMA) and 3GPP also uses X.509.


/thomas/