[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Time-stamping: IETF / ISO
- To: Denis.Pinkas@xxxxxxxx
- Subject: Time-stamping: IETF / ISO
- From: Manuel Heras Gilsanz <mheras@xxxxxxxxx>
- Date: Thu, 10 Feb 2000 21:23:39 +0000
- Cc: roland@xxxxxxxxx, ietf-pkix@xxxxxxx, wes@xxxxxxxxxx, jmanas@xxxxxxxxxx, robert.zuccherato@xxxxxxxxxxx, smatyas@xxxxxxxxxx, stuart@xxxxxxxxxxxxxx, quisquater@xxxxxxxxxxxxxx, x.lai@xxxxxxxxxxx, m.chawrun@xxxxxxxxxxxxx, jis@xxxxxxx
- Organization: Visual Tools, S.A.
- Sender: manuel
Dear Mr Pinkas,
> Roland,
>
> Since you said that you want multiple mechanisms to be used and that
> it is NOT the intention of the ISO working group to introduce
> patented mechanisms, would you be able to provide at least one
> useful example of such a binding mechanism that is not patented ?
>
> Denis
I would like to express some opinions on the management of this draft
with respect to ISO interoperability.
>From my point of view, what ISO is trying to do is to leave the
specification open, so that (in principle) *any* mechanism can be used,
either patented or non-patented. The fact that all the protocols we know
of today are or are not patented (something not at all clear, on the
other hand) is inessential, irrelevant and a pure contingency.
Imagine that we discover life outside Earth and we have to exchange
time-stamp tokens with a (possibly more advanced and therefore
patent-less) civilisation: we don't care whether their TS protocols are
patented or not; what we do is to evaluate the _mechanisms_ for
production of time-stamp tokens they use, and whether they can
interoperate with us. It would be a pity for you to see that aliens can
exchange time-stamps via ISO TS-standard but not via IETF TS-standard!
;-)
As I understand the issue, there is no problem in having several
different time-stamping standards (although this complicates the life of
many people, is inefficient, and creates artificial demand for security
consultants); what is really problematic is to have several
_incompatible_ standards (this should be punished with jail, and with
the death penalty when development of both standards took place in
parallel!!). What ISO is trying to do, from my point of view, is to
minimise the number and the degree of the incompatibilities between IETF
and ISO approaches.
The obstination that you are exercising from your position as IETF draft
editor is totally unacceptable to me. Your decisions should be based on
technical grounds, with the goal of benefiting the whole Internet
community. Don't try to convince us that you discovered two days ago
that ISO is working on a time-stamping standard, because you are also
taking a seat in the ISO working group, and taking good notes of the
discussions held therein.
I have not seen any technical reason why you don't accept ISO approach,
and it is my opinion that as an I-D editor your decisions should be
merely (or, at least, mostly) technical, as opposed to guided by
political or personal interests. The single technical responses of
relevance have been to propose the use the policy field as a way of
choosing the final format (ISO/IETF) of the item, which is other way of
saying "we don't want to be interoperable, you just put another layer on
the onion, and write the format there". (Policy identifiers cannot be
used for that -- nobody has yet agreed how policy identifiers from
different TSA relate, and how to know whether a certain policy-id is ISO
or IETF-oriented.)
Let me finally remind to you that Mr Roland Mueller is not a bored
newcomer suggesting funny changes in the last minute because he doesn't
know what to do in his spare time: he is coordinating the ISO
time-stamping effort, and as such his comments deserve a bit (more) of
attention and dissection on your part. I don't believe in authorities,
but at least we should recognise that his opinions reflect what many
experts have agreed after long, deep discussions, and his motivation is
to promote the compatibility between standards. I think you have
redirected his polite messages to /dev/null as if they came from "just
another one", something very inappropriate from your side. On the other
hand, ISO has been promoting interoperability since its earliest draft,
something I have not seen "from the other side". [Now let me clarify
that I am not a friend of Mr Mueller or part of his family, but I think
he is doing an excellent work as coordinator of the ISO ad-hoc group,
trying to listen to everybody's needs and opinions.]
It is very funny that, being ISO thought of as a "monolythic institution
suffering a lot of bureaucreacy and political influence, where strict
country representation rules govern", and the IETF as "the paradigm of
informal, electronic, open standards without heavy bureaucratic or
political influence, where anyone can participate and an individual can
influence the future of the net" [this is the mental image shared by
many people on both institutions], what we see here is that the "roles"
have been exchanged, and while ISO is warmly promoting easy
interoperation, and dialog, the IETF draft editors coldly find
themselves unable to incorporate the changes due to the proximity of the
closing date or simply dismissing the comments with dubious responses to
which they didn't give a couple of minutes' thought.
I encourage you to reconsider your position, as you might do a great
favour to all the Internet and security communities with the
introduction of the minor changes identified by the ISO working group as
potentially problematic, or at least participating in the dialogue after
leaving the ego at home.
If not in the benefit of human beings, please do it in the benefit of
interoperability with alien civilisations!!
Best regards,
- Manuel Heras -
[ I hate flaming, but this was too much! ]
Manuel Heras-Gilsanz
Security Consultant