[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: TAM is a deal done? Was: TAM as a new WG item?

We have a solution for a problem, but nobody agrees on what the problem is.
 
Could the peole wishing to have TAM accepted, write down what the problems to be solved are ?
Could they provide in two or three sentences what would need to be developed ?
 
Thanks,
 
Denis
 
As one of the people who has wanted to close the group for some time I am less worried about this particular extension than others.
 
I have wanted to see the group close because it seemed the only way to get closure on some of the drafts. Now that pretty much everything is in queue and looks set to complete I am not really concerned about that.
 
It seems to me that what we have here is a choice between creating a new group to progress TAM independently and doing it in PKIX. Either way the same set of folk are involved.
 
The only reason for not doing TAM in PKIX is to shut the WG down completely which is going to be a problem until we work out how we are going to manage long term maintenance of cryptographic algorithms and protocols. The IETF model might work at the IP layer where you want finality. But application protocols and in particular security protocols need ongoing maintenance.
 
The W3C has exactly the same problem, as does OASIS.
 
TAM is a three to five year commitment minimum. If we are going to do useful work here we have to face the fact up front. Haste makes for long delays. Every time someone says 'we can't think about that because we are on a tight schedule' I know that its going to take twice as long as it needs to.
 
Starting TAM in PKIX does not mean having to punt on the maintenance question. Once we get TLS, S/MIME etc over the algorithm agility issues perhaps we decide that both of them plus the bulk of PKIX go off to some new maintenance activity and split off TAM into a different group. It gives us a bit more time to think about it.
 
 
What I do have concerns about with TAM is that the use cases and motivating application are not exactly clear to me. I think that in order to get to a useful conversation we are going to have to transpose the discussion into a different domain of application where we all understand the concrete security risks.
 
I want use cases of the form Alice buys a network enabled lightswitch and wants to add it to her network.
 
I have a second reason for wanting to take that approach. Experience strongly suggests that military grade cryptography is much easier than consumer. In military applications you can cover up the deficiencies by ordering people to use it. Sometimes it works and sometimes the director of the CIA gives the key to his study containing all his top secret documents to his cleaning lady...

From: owner-ietf-pkix@xxxxxxxxxxxx on behalf of Russ Housley
Sent: Sat 08/12/2007 10:03 AM
To: Anders Rundgren; ietf-pkix@xxxxxxx
Subject: Re: TAM is a deal done? Was: TAM as a new WG item?


There was a lot of support for adding this work item to PKIX, but the
proposed text for the rechartering of the WG has not been sent to the
IESG for approval yet.

Russ


At 01:57 AM 12/8/2007, Anders Rundgren wrote:

>The following is dedicated to the folks who presumably will make TAM
>a PKIX WG item.
>
>Today "remote control" of devices like laptop computers and mobile phones
>is already a fact.  For the latter there is a scheme known as OMA-DM which
>is used not only for distributing cryptographic keys, but software updates and
>"registry" settings.   I don't really see that trust anchors differ
>from any other
>piece of information that an organization wants to securely maintain
>in their fleet
>of client computers.
>
>"Unmanaged" devices like consumer computers seems to be a white spot but
>IMO automatic software updates + various services that the browser vendors
>supply, essentially do what is technically feasible in assuring that
>the user is
>connecting to a credible site (the #1 problem on the Internet).
>
>thanks
>Anders Rundgren