RE: TAM as a new WG item?
I support adopting TAM as a work item in the PKIX WG.
-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]
On Behalf Of Stephen Kent
Sent: Wednesday, December 05, 2007 12:47 PM
To: ietf-pkix@xxxxxxx
Subject: TAM as a new WG item?
At the PKIX meeting this week we hosted a presentation on trust anchor
management (TAM). The presentation described a rich trust anchor (TA)
model and a management protocol expressed in an ASN.1 syntax. The model
accommodates three types of TAs, and an authorization scheme for
managing TAs and other signed objects that might be associated with a
crypto module (a hardware or software implementation of crypto
capabilities managed by one or more administrative entities). The
protocol accommodates both online and offline (staged delivery)
management of a module, i.e., it is transport independent and does not
require realtime connectivity.
TAM is obviously of interest to PKIX members, as we make use of TAs for
cert path discovery and validation. However, TAs can be used in more
general contexts as well, e.g., for directly validating signatures on
CMS objects. Moreover, the issue of TA management is potentially broader
than just the X.509 context, i.e., one could imagine developing a TA
model and protocol that deals with other cert types (e.g., PGP) and with
public (signature) keys independent of certs. Despite the important
role that TAs play in PKIX-based implementations, the WG has never
adopted a work item to develop a model for the management of TAs, nor
specified a protocol for remote TA management.
At the 69th IETF meeting there was a BoF to explore creating a new WG to
pursue development of a TA model and associated remote management
protocol, and a mailing list was established to develop a charter, etc.
Tim Polk has decided that there is not critical mass to create a
separate WG for this purpose. However, Tim is willing to have PKIX take
on the effort as a new work item. If we do adopt this as a work item, we
will focus on TAs primarily in the X.509 context, consistent with the
PKIX charter.
At the WG meeting in Vancouver this week I asked the room if there were
any objections to PKIX adopting this as a work item, given that we have
permission from Tim to do so. Two folks voiced objections; both agreed
that pursuing TAM was important, but preferred creation of a new WG for
the task. However, that option is not on the table at this time and thus
is not a subject of the straw poll noted below.
So I am calling for a straw poll in PKIX to gauge interest in pursuing
this topic. The poll begins today and will end in two weeks, on 12/19.
Please examine the presentation slides to get a sense of what work has
been done already:
http://www3.ietf.org/proceedings/07dec/slides/pkix-2.pdf
Thanks,
Steve