Should PKIX protocols support XML well

[Ambarish Malpani <ambarish@xxxxxxxxxxxx>]

There are a bunch of industries/communities that are using XML
throughout their systems - all their messages are in XML, all
their development is in XML and XML is their chosen future
direction.

We may or may not agree about whether this is a wise decision, but
that decision has been made and is one that we (PKIX) can not
change.

Now the question is, do we try and support such groups in their
efforts or do we say: "Sorry, we think you did the wrong thing
by not picking ASN.1, so go figure out how to do public key
cryptography by yourself - we won't help"

My personal bias is that if a significant percent of the world
is headed towards XML, it makes more sense for us to support that
group and make sure that when they do PKI, they do it in a
secure way, rather than ignore that world and have them do PKI
either insecurely, or in n different ways. After having seen
different standards groups, I am quite convinced that IETF
actually do a pretty good job with their specifications and the
thoroughness with which specifications are reviewed. I think it
is our responsibility to help set the standards so that people
can use them in most significant environments, rather than have us
ignore the issue and have people not only do it in less secure
ways, but also have different groups do the same job in
different ways.

[Note: I am not trying to say that IETF should set all standards
in the world, but it does need to acknowledge and react to the
needs of large and diverse groups. And the XML community is one
such group].

Comments?
Ambarish
 

---------------------------------------------------------------------
Ambarish Malpani
Architect                                                650.567.5457
ValiCert, Inc.                                  ambarish@valicert.com
339 N. Bernardo Ave.                          http://www.valicert.com
Mountain View, CA 94043