
RE: TAM is a deal done? Was: TAM as a new WG item?

If you think there is provisioning work to be done, bring one of the referenced protocols to the attention of the WG and see if there is interest. Of course, it would need to be from someone that wants to turn change control over to the IETF.

Russ

> -----Original Message-----
> From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-
> pkix@xxxxxxxxxxxx] On Behalf Of Anders Rundgren
> Sent: den 9 december 2007 00:11
> To: Massimiliano Pala; ietf-pkix@xxxxxxx
> Subject: Re: TAM is a deal done? Was: TAM as a new WG item?
>
>
> Max,
> Since I have no interest in TAM, feel free to ignore my
> long-winded comment :-)
>
> Personally I find it odd that the PKI community (not limited to
> PKIX) considers TAM more important than the design of an
> on-line provisioning protocol for the mass-market in spite of
> the fact that on-line provisioning is already supplying millions
> of e-gov and on-line bank users with certificates in the EU.
> Existing schemes (e.g. CRMF) are quite dysfunctional (no PKI
> provisioning scheme supports PIN policies, to take an example),
> which has led to the use of proprietary protocols for this task.
>
> OMA-DM:
> I don't think the mobile phone vendors see much value in
> creating RFCs for something they have already done.
>
> XML:
> I have a hard time envisioning a device that can connect to a
> wireless network (the sensor you mentioned) and perform
> PKI operations but not digest XML.
>
> General Standards Concerns:
> I hope nobody minds, but unless you believe there is value in
> having your name on an RFC even if it is just collecting dust
> on an IETF server, I would start by doing some market
> research before taking on a new task.  In such a venture you
> would need to identify which vendors are likely to support
> the RFC as well as which organizations would use it.
>
> Microsoft:
> Although I have no expertise in enterprise software distribution
> systems like those provided by Microsoft, I have a strong feeling
> that these can (or could with little extra work) update TAs
> in the same way as they can deploy anti-virus updates and
> security settings.  PKIX co-chair Stefan Santesson ought to be
> able to give some feedback here...
>
> SCVP vs TAM:
> PKIX has recently finished SCVP.  It will be quite costly for
> vendors of e-mail clients to support this complicated protocol
> (which I at least in principle believe addresses a real need).
> There is a big risk that the very same vendors will not support
> TAM because SCVP essentially solves the "same problem",
> although in another way.
>
> That's why I am rather working on on-line key provisioning.
> It is already in big use, works pretty badly, is completely non-
> standard, and is generally poorly understood.   The 3Bn+ (and
> counting) mobile phone users seem to be a market worth considering!
>
> Regards
> Anders
>
> ----- Original Message -----
> From: "Massimiliano Pala" <pala@xxxxxxxxxxxxxxxx>
> To: <ietf-pkix@xxxxxxx>
> Sent: Saturday, December 08, 2007 09:08
> Subject: Re: TAM is a deal done? Was: TAM as a new WG item?
>
>
> Hi Anders,
>
> the question is: how does this OMA-DM stand in respect of the IETF? Has it
> been submitted as an I-D or in any other form of contribution?
>
> Moreover, as I understand it, this is based on XML, which might not be the
> best choice for small devices (no, not mobile phones.. smaller devices like
> sensors...)
>
> Anyhow, I would like to see a proposal for an RFC (if the people that
> developed OMA-DM are interested in having it standardized within the IETF)
> before saying that this is a "deal done"...
>
> Maybe it could be a *starting point* together with the current
> proposal.. (do you know of any patents/IP pending?)
>
> BTW, I really disagree with you when you say that trust anchors
> don't differ from other pieces of information... they are far more
> important than a single configuration/etc.. and their distribution can
> impact across different organizations and VOs. An important aspect that
> we should address is the level of involvement of the user: in some
> environments it is acceptable that the organization controls the TAs, in
> others the user should always be in control over their own computer (!!!!).
>
> Later,
> Max
>
>
> Anders Rundgren wrote:
> > The following is dedicated to the folks who presumably will make TAM
> > a PKIX WG item.
> >
> > Today "remote control" of devices like laptop computers and mobile
> > phones is already a fact.  For the latter there is a scheme known as
> > OMA-DM which is used not only for distributing cryptographic keys, but
> > software updates and "registry" settings.   I don't really see that
> > trust anchors differ from any other piece of information that an
> > organization wants to securely maintain in their fleet of client
> > computers.
> >
> > "Unmanaged" devices like consumer computers seem to be a white spot,
> > but IMO automatic software updates + various services that the browser
> > vendors supply essentially do what is technically feasible in assuring
> > that the user is connecting to a credible site (the #1 problem on the
> > Internet).
> >
> > thanks
> > Anders Rundgren
> >