RE: Software for PKI

["Ben Goldman" <ben.goldman@xxxxxxxxxxxxxxx>]

Hi Steve,

>From my experience in the IETF, the main working group list is meant to
specifically address the rfc issues and to reach a consensus for the
proposed standards. Usually there is an additional, more general discussion
list, where people can freely discuss additional concepts or theories
regarding the marketing, implementation and/or "real life" experiences
involved with the proposed standards.

>From my experience it would greatly help the working group, and reduce the
load in the main list, if we will have an additional list side by side with
the main list. I had checked this issue with our web administrators, and it
would be possible to host this list for the working group.

People can send a subscribe request to
ietf-pkix-general-request@xxxxxxxxxxxxxxx

To Subscribe: ietf-pkix-general-request@xxxxxxxxxxxxxxx
In Body: subscribe your_email_address (In Body)

My 2 Cents.

Ben



-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On
Behalf Of Stephen Kent
Sent: Tuesday, November 13, 2001 20:59
To: ietf-pkix@xxxxxxx
Subject: Re: Software for PKI


Folks,

IETF working groups produce standards that vendors and users may or
may not choose to employ. Ultimately, irrespective of whether we
produce use cases or business cases for the work we do, the
marketplace will decide if the standards are beneficial and relevant.
Thus the value of the added documentation burden that Todd suggested
is not clear. (The inclusion of rationale in standards is often a
good idea, if it does not make the document too long or too hard to
read. The PKIX Roadmap document is intended to capture much of the
rationale and arguments associated with the development of PKIX
standards. This is more than most WGs do in this respect.)

The IETF imposes certain requirements for advancement of documents in
the standards process and it is not obvious that the PKIX WG is
unique in a fashion that requires or motivates deviation from the
procedures by which the rest of the IETF operates, in this regard.

We make decisions about the potential utility of a proposed work item
when we adopt the item for the WG, e.g., add it to the charter. This
decision ultimately rests with the WG chairs, who decide based on WG
list discussions and based on their experience. I am aware of no
precedent in the IETF that requires the sort of documentation Todd
has suggested as a normal part of developing IETF standards, and thus
I do not envision adopting this proposal as part of the charter for
PKIX. I submitted the revised PKIX charter to the Security Areas
directors several weeks ago and when they approve it, it will be
posted to the IETF web site.

The discussion that has taken place under the subject heading has
been very wide ranging. Much of the discussion centered on "what's
wrong with PKI." This discussion often failed to make the critical
distinction between problems associated with implementations of PKI
technology, problems with specific PKI models, and problems with PKI
standards. This WG is not responsible for broken implementations. We
are not responsible for marketing hype claiming that PKI is a
panacea. We are not responsible for the ways in which people may
choose to use PKI technology, which may be a bad fit for their
businesses. We are responsible for creating standards that are
technically accurate, comprehensible, and which we believe address
some non-trivial range of problems associated with reasonable uses of
PKI technology in the Internet. This is a sufficiently difficult task
that we are probably well advised to focus on it.

Steve