RE: charter revisions

[Paul Hoffman / IMC <phoffman@xxxxxxx>]

At 4:44 PM -0700 9/4/01, Michael Myers wrote:
>  > >   These needs are better addressed by other forums.
> >  Such as...?
>
>
> Such as whomever chooses to stand up the responsibility, or is PKIX going to
> go on forever ratifying extension X, protocol Y and policy Z?

History say "the latter".

>   This role
> does not strike me as an engineering activity.

Fully agree. Oh, well.

> To the extent these issues remain relevant to the IETF and its governing
> bodies, perhaps those superior organizations may wish to consider their
> role.  In *that* regard, IANA's classic role comes to mind but since so much
> of what PKI is and does to an enterprise is intrinsically bound up in
> enterprise security policy (as it should be), it's not clear to me that an
> IANA-like organization is the  best path forward.

IANA is not a body that should pass security standards.

> Perhaps, Paul, given your exposure IETF/IESG/IAB organizational issues, you
> could propose something?

I did: I supported putting it in the PKIX WG charter. Seeing some 
vendor interest, and seeing the PKIX WG does a fair job at putting 
out protocols without gaping security holes, and not seeing any other 
reputable (or even half-reputable) organization stepping up, I don't 
see why it should not be done here. Charter creep is pretty common in 
the IETF security area, yes? Should we not fully embrace that?

> I fear I've stirred the fire more than I should have.

Spoken like a true Californian at the end of a long, dry summer.

--Paul Hoffman, Director
--Internet Mail Consortium