
Re: Software for PKI

Folks,


IETF working groups produce standards that vendors and users may or may not choose to employ. Ultimately, irrespective of whether we produce use cases or business cases for the work we do, the marketplace will decide if the standards are beneficial and relevant. Thus the value of the added documentation burden that Todd suggested is not clear. (The inclusion of rationale in standards is often a good idea, if it does not make the document too long or too hard to read. The PKIX Roadmap document is intended to capture much of the rationale and arguments associated with the development of PKIX standards. This is more than most WGs do in this respect.)

The IETF imposes certain requirements for advancement of documents in the standards process and it is not obvious that the PKIX WG is unique in a fashion that requires or motivates deviation from the procedures by which the rest of the IETF operates, in this regard.

We make decisions about the potential utility of a proposed work item when we adopt the item for the WG, e.g., add it to the charter. This decision ultimately rests with the WG chairs, who decide based on WG list discussions and based on their experience. I am aware of no precedent in the IETF that requires the sort of documentation Todd has suggested as a normal part of developing IETF standards, and thus I do not envision adopting this proposal as part of the charter for PKIX. I submitted the revised PKIX charter to the Security Areas directors several weeks ago and when they approve it, it will be posted to the IETF web site.

The discussion that has taken place under the subject heading has been very wide ranging. Much of the discussion centered on "what's wrong with PKI." This discussion often failed to make the critical distinction between problems associated with implementations of PKI technology, problems with specific PKI models, and problems with PKI standards. This WG is not responsible for broken implementations. We are not responsible for marketing hype claiming that PKI is a panacea. We are not responsible for the ways in which people may choose to use PKI technology, which may be a bad fit for their businesses. We are responsible for creating standards that are technically accurate, comprehensible, and which we believe address some non-trivial range of problems associated with reasonable uses of PKI technology in the Internet. This is a sufficiently difficult task that we are probably well advised to focus on it.

Steve