
RE: charter revisions



Bob,

I read through this but remain firm in my opinion that upon resolution of
the DPV/DPD issues, the working group has achieved its original engineering
mission.  Others may disagree.  This is just one vote.

Further, of course there remain vast battlefields of market share.  But
such issues I feel are better addressed in fora more appropriate to open
discussion of business interests given the sound technical platform PKIX has
defined (modulo resolution of DPV/DPD).

I'm more pleased to read of your support for Dave's efforts.  I'm assuming
as I write this that that design hasn't changed in fundamental substance
since I was last involved in its definition.  Perhaps Dave, John Pawling,
Russ or somebody could confirm my assumptions?

Minimally, I think it would be useful in the long run to have that work
documented as an Informational but perhaps that reach exceeds its grasp.

Mike

Michael Myers
t: +415.819.1362
e: mailto:mike@xxxxxxxxxxxxxxxxxxxxxx
w: http://www.traceroutesecurity.com




> -----Original Message-----
> From: Bob Jueneman [mailto:bjueneman@xxxxxxxxxx]
> Sent: Tuesday, September 04, 2001 3:36 PM
> To: myers@xxxxxxxxxxxxx
> Cc: ietf-pkix@xxxxxxx
> Subject: RE: charter revisions
>
>
> Michael,
>
> Certainly you and I, and Russ, and a handful of Steves, and
> countless others, have been involved in this WG for so long that
> it sometimes feels like it was our life's mission.
>
> However, I think it might be a bit premature to suggest that PKIX
> be disbanded when there is relatively scant evidence (outside of
> SSL) that even the most basic goals of PKI have been achieved
> with anything close to ubiquity. To the contrary, lots of people
> are suggesting that "PKI is dead", without, of course, having an
> alternative suggestion -- except perhaps to throw the buggers out
> and have a new team start all over, this time presumably encoding
> everything in XML.
>
> (There might even be some merit in the "throw the buggers out"
> school of thought, for if we aren't part of the solution, perhaps
> we are part of the problem.  I don't think so -- I would prefer to
> think that we were just ahead of our time. Some of us, of course,
> may be a little more ahead of our time than others. :-)  And I'm
> sure we all have our own personal list of those features we would
> most like to see added, and if push came to shove, which ones we
> never cared about in the first place.  Speaking only personally,
> I crossed that point a long time ago with respect to DPV/DPD,
> TSP, certain forms of cross-certification, and some other things
> that I probably don't understand well enough to care much about,
> and happily so.)
>
> But although I might question the wisdom of continuing to
> proliferate this, that, and the other option during the technical
> discussion, I wouldn't try to invoke cloture before the debate
> had even started.
>
> I wouldn't go quite as far as Patrick Henry's "I disagree with
> what you say, but will defend to the death your right to say it",
> but I don't think that we need to have that discussion as part of
> the charter. That seems to be putting the cart before the horse.
> Instead, we should allow those who espouse the idea to work up an
> RFC and submit it, and if a rough consensus emerges, so be it.
> If not, the idea may languish forever as an experimental RFC, or
> it may go nowhere at all, with little harm done.  And some
> careful consideration might prevent someone from going off and
> offering something really dumb as a proprietary solution.
>
> As far as Dave Fillingham's ideas regarding clearances and other
> privileges are concerned, I absolutely agree with the basic
> thought, and would be more than willing to contribute a number of
> ideas of my own in that arena. If as alleged the PKI "movement"
> has been less than successful, it is arguably because we have
> concentrated far too much on identity, and trying to implement
> the world's finest system of identity-based nonrepudiation, while
> almost completely ignoring the basic concept of trust,
> particularly as regards the end user.
>
> No one cares much whether my name is Robert, Bob, or Beelzebub.
> What they really want to know is what I am allowed to DO, and
> whether there is enough money in my account to pay for it, and
> who says so.  Attribute certificates don't begin to really solve
> that problem, IMHO, for a host of reasons I won't get into.
>
> So should we simply say that we're tired, throw up our hands, and go
> fishing, i.e., leave it to the XACML crowd to try to get it right?
> I hope not.
>
> A friend recently characterized their apartment complex as being
> made up of the "newly wed, and nearly dead".  This WG may be
> nearer the second than the first, but I don't think it is time to
> call for the Last Rites quite yet.
>
> Bob
>
> >>> "Michael Myers" <myers@xxxxxxxxxxxxx> 09/04/01 03:33PM >>>
> Bob,
>
> Ignoring for a moment the durability of the IPSEC WG, as an IETF WG, PKIX
> must eventually close.  Of course, it's the chairs' call as to that precise
> timing but towards those considerations, I join those who say that the value
> added by addressing logotypes (and concomitantly extending the charter) does
> not warrant the energy required to fully address the requirements,
> particularly when placed in the context of the WG's predictable closure.
>
> At some point, we should declare victory and go fishing.  In my opinion,
> that state is most clearly signaled by closure of the DPV/DPD issues.
> Beyond that, I look forward to various other fora to step forward.
> Basically, move the feast.
>
> In my individual opinion as a WG participant, logotypes are no more
> technically fundamental to PKIX's mission than, say, the use of Subject
> Directory Attributes to convey clearance constraints.  In fact, if someone
> were to put the two on equal terms and call for a vote, I'd go for the
> latter.  What Dave Fillingham et al. put together deserves far broader
> exposure than it's received to date.  My sense is that such considerations
> would have longer-reaching impact than logotypes.
>
> But that's just my opinion.  I could be wrong.
>
> Mike
>
>
> Michael Myers
> t: +415.819.1362
> e: mailto:mike@xxxxxxxxxxxxxxxxxxxxxx
> w: http://www.traceroutesecurity.com
>
> > -----Original Message-----
> > From: Bob Jueneman [mailto:bjueneman@xxxxxxxxxx]
> > Sent: Tuesday, September 04, 2001 1:11 PM
> >
> > . . . is there any evidence that  the WG is running out of energy?
>
>