[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OCSP-X vs SCVP

To: Paul Hoffman / IMC <phoffman@xxxxxxx>, Michael Zolotarev <mzolotarev@xxxxxxxxxxxxx>, Marc Branchaud <marcnarc@xxxxxxxxx>
Subject: RE: OCSP-X vs SCVP
From: Michael Zolotarev <mzolotarev@xxxxxxxxxxxxx>
Date: Fri, 10 Nov 2000 14:05:45 +1100
Cc: "'ietf-pkix@xxxxxxx '" <ietf-pkix@xxxxxxx>

Paul,

I think this is a classic example of MZ been taken wrong once again,
unfortunately.

And it was the least of my intentions to be "loud and repetitive".

The point I'm trying to make is that we have to be really careful about
rushing into XML. 
In many cases - and I'm sure you'll be able to confirm it more than anybody
else - people say XML, and want XML, and 'can' XML just for heck of it.
Trying to push XML into places where it doesn't really belong, or have no
technical reasons to be.

The line between protocols and APIs is a subtle one. There is a common mixup
between what is protocol, and what is the presentation layer. The use of
OCSP by XML-enabled applications can be, and should be IMHO facilitated by
APIs. With the application been completely unaware of what goes through the
wire, and what is the format of what was transmitted.

And so far I didn't hear any single argument which justifies (except just
saying 'our customers want it') the opposite. Still waiting...

Again, I'm not against XML in PKI. And I can be as loud and repetitive as I
am defending use of XML in other areas of PKI. But with OCSP - sorry, I'm
not convinced.

Michael

> -----Original Message-----
> From: Paul Hoffman / IMC [mailto:phoffman@imc.org]
> Sent: Friday, 10 November 2000 12:03
> To: Michael Zolotarev; Marc Branchaud
> Cc: 'ietf-pkix@imc.org '
> Subject: RE: OCSP-X vs SCVP
> 
> 
> At 12:06 PM +1100 11/10/00, Michael Zolotarev wrote:
> >  >
> >>  > >  But that ain't how the world works, and
> >>  > > that ain't how
> >>  > > people want it to work.
> >>  >
> >>  > Proof, please. I want the proof.
> >>  >
> >>
> >>  The fact that people seem to care about this is proof 
> enough for me...
> >
> >MArk, this is really speculative thing to say... I don't buy it as an
> >argument, sorry.
> 
> It is not speculative. There have been people on this mailing list 
> who have said that they want an XML-based solution. Telling them that 
> you don't buy their opinion as an argument will tend to cause them 
> not to contribute again, yes? At that point, the WG will reduce to 
> those of us who are loud and repetitive. That is not a good way to 
> produce good protocols.
> 
> >Dont think it is a real issue with hosts and desktops. Dont 
> think there is
> >an issue with mobile devices either. I am not saying it is a 
> bloat, or it is
> >not. I just want some approx figures. Compare bare-minimum
> >ASNParser+OCSP_APIs with OCSP_XML_APIs ( for fairness I 
> assume that XML
> >parser is present on the platform regardless, so it doesn't count).
> 
> This level of argument reduces to "the customer is usually wrong". 
> That works in some areas, not in others. Given two protocols that 
> could meet the same objectives, such arguments are likely to squelch 
> input from the very people we should be listening to.
> 
> --Paul Hoffman, Director
> --Internet Mail Consortium
>

Prev by Date: RE: OCSP-X vs SCVP
Next by Date: XML in PKIX. Was: OCSP-X vs SCVP
Previous by thread: RE: OCSP-X vs SCVP
Next by thread: Re: OCSP-X vs SCVP
Index(es):
- Date
- Thread