Re: Classic PKI vs Thin PKI/S2ML
At 7:21 PM +0100 12/15/00, Anders Rundgren wrote:
Steve,
> This sort of marketing rhetoric has no place on an IETF mailing list,
> including this one. If you can't restrict your contributions to
> technical discussions, we'll have to ask you to not post to this list.
Pardon me, I got a little bit carried away.
But, are you *really* prepared to openly discuss the problems with
classical PKI versus Thin PKI, S2ML, OBI and 3D-SSL?
If so, please comment the section of my posting mentioning banks, as
this is something practically all in this list have some knowledge with.
As this is a very complex subject (my usual Thin PKI seminar is 2-3
hours!), it is though very important to stay exactly on the track,
otherwise the discussion will deteriorate in no time at all.
Unfortunately I don't think that any of the main forces behind S2ML,
OBI or 3D-SSL are interested in "The war of the PKIs", but we'll see.
And in the same way as with PKIXML, I care more about "marketability"
and "deploymentability" than if something is the "most secure solution
in the world". Sweden actually had the most secure solution in the
world: The SEIS electronic ID-card. Unfortunately it is fairly useless
and expensive, and therefore very few have it.
The financial community has a set of concerns that are entirely
valid, and are NOT the whole of PKI. Lynn Wheeler, who just
contributed to this discussion, pursues PKI issues in ANSI F9, a
standards committee devoted to that application area.
PKIX addresses a broader set of PKI users and does not tailor
standards to meet requirements of a given application arena, even if
it is a very, very big arena. Thus, for example, we will not address
PKI problems that are cast narrowly as financial transactions or cell
phone problems, etc. The delegated path validation/discovery work
that we are now doing is not narrowly cast, even though it may be
very applicable to wireless users, etc. This desire to not be driven
by specific application domains is NOT PKIX-unique. For example,
TCP/IP could be reworked from the ground up to better accommodate
wireless users, but that's not likely to happen. The IPsec WG
rejected the notion of changing ESP to better accommodate satellite
and low speed wireless users.
The minutes of the WG meeting, plus Phil's slides, should indicate
that there was no enthusiasm expressed there for mere syntactic
transliteration of ASN.1 to XML. Phil observed that the XKMS
initiative that he described is likely to be pursued in another
forum, e.g., the W3C, based on feedback from the security ADs.
Steve