[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Asessment of TAMP with vendor hat on

To: Stefan Santesson <stefans@xxxxxxxxxxxxx>
Subject: RE: Asessment of TAMP with vendor hat on
From: Stephen Kent <kent@xxxxxxx>
Date: Mon, 17 Dec 2007 13:55:53 -0500
Cc: "ietf-pkix@xxxxxxx" <ietf-pkix@xxxxxxx>
In-reply-to: <9F11911AED01D24BAA1C2355723C3D320A10F3756A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <9F11911AED01D24BAA1C2355723C3D320A10F36C10@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com> <82D5657AE1F54347A734BDD33637C8790A0908FA@xxxxxxxxxxxxxxxxxxxxxxxx> <9F11911AED01D24BAA1C2355723C3D320A10F36C45@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com> <82D5657AE1F54347A734BDD33637C8790A0FBE59@xxxxxxxxxxxxxxxxxxxxxxxx> <9F11911AED01D24BAA1C2355723C3D320A10F3756A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Stefan,

A few of observations about you TAM comments, many of which may havebeen stated by others, since I am late in responding:

- you are right that the presentation we saw in Vancouverfocused on a solution, not a problem statement. PKIX will need tostart with a problem statement (or a requirements I-D) that the WGagrees upon. There was considerable discussion of the problemstatement on the TAM mailing list. I think we can start from the mostrecent iteration there, but this will need to be developed in thecontext of PKIX, i.e., we are not rubber stamping what was donebefore.

- we need an interoperable solution, in typical IETF style,so whatever Microsoft or other vendors have done may be useful asinput, but it probably is not a substitute for a IETF standard.

- there were suggestions on the TAM list that offlinemanagement was needed. So any solution that relies on liveconnectivity is not sufficient, IF the WG agrees with this as arequirement.

- the TAM list also indicated a desire to have a flexiblemanagement capability, in which one TA, with ultimate responsibilityfor the managed object, can delegate authority to other entities tomanage TAs with constrained scope. My quick read of what youdescribed as the MS management capability did not seem to accommodatethis sort of delegation. Again, if PKIX decides this is a realrequirement, that motivates developed of a more sophisticatedmanagement framework.

- in certain contexts the receipt capability seems useful, asdoes the ability to query a managed device to determine which TAs areinstalled, etc. Again, we'll have to see whether these are featuresthat the WG agrees are needed. If so, then they motivate arequest/response protocol model.

- the secure TA replacement function defined in TAMP seems tobe attractive, and hopefully not patent encumbered, and would be anice feature for PKIs to have, although I agree that it could beaccommodated as a cert extension without the rest of TAMP.


Steve

Follow-Ups:
- RE: Asessment of TAMP with vendor hat on
  - From: Stefan Santesson

References:
- RE: Asessment of TAMP with vendor hat on
  - From: Santosh Chokhani
- RE: Asessment of TAMP with vendor hat on
  - From: Santosh Chokhani

Prev by Date: Re: Asessment of TAMP with vendor hat on
Next by Date: Re: draft liaison response re DR 320
Previous by thread: Re: Asessment of TAMP with vendor hat on
Next by thread: RE: Asessment of TAMP with vendor hat on
Index(es):
- Date
- Thread