[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TAM as a new WG item?

To: ietf-pkix@xxxxxxx
Subject: TAM as a new WG item?
From: Stephen Kent <kent@xxxxxxx>
Date: Wed, 5 Dec 2007 12:46:32 -0500
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At the PKIX meeting this week we hosted a presentation on trustanchor management (TAM). The presentation described a rich trustanchor (TA) model and a management protocol expressed in an ASN.1syntax. The model accommodates three types of TAs, and anauthorization scheme for managing TAs and other signed objects thatmight be associated with a crypto module (a hardware or softwareimplementation of crypto capabilities managed by one of moreadministrative entities). The protocol accommodates both online andoffline (staged delivery) management of a module, i.e., it istransport independent and does not require realtime connectivity.

TAM is obviously of interest to PKIX members, as we make use of TAsfor cert path discovery and validation. However, TAs can be used inmore general contexts as well, e.g., for directly validatingsignatures on CMS objects. Moreover, the issue of TA management ispotentially broader than just the X.509 context, i.e., one couldimagine developing a TA model and protocol that deals with other certtypes (e.g., PGP) and with public (signature) keys independent ofcerts. Despite the important role that TAs play in PKIX-basedimplementations, the WG has never adopted a work item to develop amodel for the management of TAs, nor specified a protocol for remoteTA management.

At the 69th IETF meeting there was a BoF to explore creating a new WGto pursue development of a TA model and associated remote managementprotocol, and a mailing list was established to develop a charter,etc. Tim Polk has decided that there is not critical mass to createa separate WG for this purpose. However, Tim is willing to have PKIXtake on the effort as a new work item. If we do adopt this as a workitem, we will focus on TAs primarily in the X.509 context,consistentwith the PKIX charter.

At the WG meeting in Vancouver this week I asked the room if therewere any objections to PKIX adopting this a work item, given that wehave permission from Tim to do so. Two folks voiced objections; bothagreed that pursuing TAM was important, but preferred creation of anew WG for the task. However, that option is not on the table at thistime and thus is not a subject of the straw poll noted below.

So I am calling for a straw poll in PKIX to gauge interest in pursingthis topic. The poll begins today and will end in two weeks, on12/19. Please examine the presentation slides to get a sense of whatwork has been done already:http://www3.ietf.org/proceedings/07dec/slides/pkix-2.pdf


Thanks,

Steve

Follow-Ups:
- Re: TAM as a new WG item?
  - From: max pritikin
- RE: TAM as a new WG item?
  - From: Sharon Boeyen
- Yes [RE: TAM as a new WG item?]
  - From: Singer, Michael M (US SSA)
- TAM is a deal done? Was: TAM as a new WG item?
  - From: Anders Rundgren
- Re: TAM as a new WG item?
  - From: Sanjaya
- Re: TAM as a new WG item?
  - From: Massimiliano Pala
- Re: TAM as a new WG item?
  - From: Russ Housley
- RE: TAM as a new WG item?
  - From: Peter Hesse
- RE: TAM as a new WG item?
  - From: Santosh Chokhani
- RE: TAM as a new WG item?
  - From: Turner, Sean P.

Prev by Date: meeting minutes uploaded
Next by Date: RE: TAM as a new WG item?
Previous by thread: meeting minutes uploaded
Next by thread: RE: TAM as a new WG item?
Index(es):
- Date
- Thread