[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Asessment of TAMP with vendor hat on

To: <ietf-pkix@xxxxxxx>
Subject: RE: Asessment of TAMP with vendor hat on
From: "Kemp, David P." <DPKemp@xxxxxxxxxxxxxx>
Date: Wed, 19 Dec 2007 11:10:07 -0500
In-reply-to: <9F11911AED01D24BAA1C2355723C3D320A10F37928@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <9F11911AED01D24BAA1C2355723C3D320A10F36C10@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com> <82D5657AE1F54347A734BDD33637C8790A0908FA@xxxxxxxxxxxxxxxxxxxxxxxx> <9F11911AED01D24BAA1C2355723C3D320A10F36C45@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com> <82D5657AE1F54347A734BDD33637C8790A0FBE59@xxxxxxxxxxxxxxxxxxxxxxxx> <9F11911AED01D24BAA1C2355723C3D320A10F3756A@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx osoft.com> <> <9F11911AED01D24BAA1C2355723C3D320A10F37928@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx
Thread-index: AchA3nJ3rkKNId1dTM6C/0C7SwakrQAdpsigAD8jGMA=
Thread-topic: Asessment of TAMP with vendor hat on


> From: Stefan Santesson
>
> The challenge of this group is to consider both the management model
of
> a central function with complete authority over local TA stores on
> distributed Hosts and the model where the TA distributing environment
> merely support the hosts with a reliable source of TAs. 

Yes, we are in agreement that this is an important distinction.

> Both models can be managed, one directly and the other indirectly.
> I'm not convinced yet the directly managed model is needed, but that
> can be saved for future debate.

As you say, the issue is who has complete authority.  In the case of
Hosts owned and managed by an enterprise but located on employees'
desks, should it be up to the employee to voluntarily make use of
enterprise-managed reliable TA stores, or should the enterprise have a
model that permits it to query and set TAs on Hosts regardless of the
employee's wishes?

I know very few of the technical details about how "my" work machine was
installed and added to an AD domain.  But at some point in the process
it received a TA (an administrator password) that I do not know and can
not change; thus I do not have the technical ability to override my
employer's control of my desktop.

I'm convinced that you believe direct management is not needed because
you do not see "TA" in its full generality.  If you accept that control
of a host is ultimately traced back to a TA of some form and you accept
the need of an enterprise to control its hosts in a way that users
cannot override, then you must believe in direct management.

Dave

References:
- RE: Asessment of TAMP with vendor hat on
  - From: Santosh Chokhani
- RE: Asessment of TAMP with vendor hat on
  - From: Santosh Chokhani
- RE: Asessment of TAMP with vendor hat on
  - From: Stephen Kent
- RE: Asessment of TAMP with vendor hat on
  - From: Stefan Santesson

Prev by Date: Re: TAM as a new WG item?
Next by Date: Girls like when you have big device
Previous by thread: RE: Asessment of TAMP with vendor hat on
Next by thread: Re: Asessment of TAMP with vendor hat on
Index(es):
- Date
- Thread