At 7:57 AM +0100 12/8/07, Anders Rundgren wrote:
The following is dedicated to the folks who presumably will make TAM a PKIX WG item.

Today "remote control" of devices like laptop computers and mobile phones is already a fact. For the latter there is a scheme known as OMA-DM which is used not only for distributing cryptographic keys, but software updates and "registry" settings. I don't really see that trust anchors differ from any other piece of information that an organization wants to securely maintain in their fleet of client computers.

"Unmanaged" devices like consumer computers seem to be a white spot but IMO automatic software updates + various services that the browser vendors supply, essentially do what is technically feasible in assuring that the user is connecting to a credible site (the #1 problem on the Internet).

thanks
Anders Rundgren

Anders,

OMA is a closed vendor forum, not an open SDO like the IETF. Therefore it is not very likely that we would adopt a solution developed in such a context. Also, because the data structures we deal with in PKIX are natively X.509, ASN.1 is a preferable syntax for defining the TAM model and management protocol. Finally, anytime I hear "registry" I tend to think "Windows," but the IETF is an OS-agnostic SDO.

Finally, the TAM model offered in browsers is sorely lacking, as several folks noted on the TAM list. Thus your comment about this area of the TAM problem being well handled by "... various services that the browser vendors supply ..." suggests a major disconnect with the sentiments expressed on that list by the same set of folks who likely will pursue this work in PKIX.

Since you stated that you have no interest in TAM, please feel free to ignore these observations.
Steve