
Motions before the WG - Was Re: Software for PKI



Stephen -

Maybe this is partially my fault - Tim and I spoke for about a half hour
this AM and perhaps it is me that is remiss.

Perhaps what I should have been using is the phrase "Requirements
Specification" rather than that of "Use Models" as I have been.  Tim informs
me in official "IETF-speak" that the "Requirements Specifications" constrain
how this protocol interacts with others and what it actually provides from a
technological perspective, and honestly that is all I have ever wanted to
make mandatory. I agree that it is the responsibility of other standards
orgs to produce end-user use models, i.e. ones in the real world, but that
they cannot do that in most all instances with PKI without that Requirements
Definition.

To that end I would propose that all current in process and future works
including all RFCs and Drafts in play require this addition before being
advanced from where they are as of today. To that end, I would call for some
discussion and a vote on this matter. Take this as a formal motion before
the floor then.

I move to change the Description Section of the WG Charter by:

    1)    Better describing the functionality of the PKI WG and moving the
bulk of the first paragraph (everything after the first sentence) into a
separate paragraph called "Accomplishments to date:"

    2)    Supply a better description of PKI technologies as the building
blocks of trust (we as a group will have to work on this)

    3)    Supply a process statement within the group about how technologies
are submitted and the operating proviso under which they will be evaluated.

    4)    Supply a Requirements Section statement as part of #3 above.

    5)    Supply an administrative description of the Group's Processes and
Management as well as how it works (or doesn't) with other Standards Orgs
since this is becoming more and more important to PKIX.

Todd Glassey


----- Original Message -----
From: "Stephen Kent" <kent@xxxxxxx>
To: <ietf-pkix@xxxxxxx>
Sent: Tuesday, November 13, 2001 10:58 AM
Subject: Re: Software for PKI


>
> Folks,
>
> IETF working groups produce standards that vendors and users may or
> may not choose to employ. Ultimately, irrespective of whether we
> produce use cases or business cases for the work we do, the
> marketplace will decide if the standards are beneficial and relevant.
> Thus the value of the added documentation burden that Todd suggested
> is not clear. (The inclusion of rationale in standards is often a
> good idea, if it does not make the document too long or too hard to
> read. The PKIX Roadmap document is intended to capture much of the
> rationale and arguments associated with the development of PKIX
> standards. This is more than most WGs do in this respect.)
>
> The IETF imposes certain requirements for advancement of documents in
> the standards process and it is not obvious that the PKIX WG is
> unique in a fashion that requires or motivates deviation from the
> procedures by which the rest of the IETF operates, in this regard.
>
> We make decisions about the potential utility of a proposed work item
> when we adopt the item for the WG, e.g., add it to the charter. This
> decision ultimately rests with the WG chairs, who decide based on WG
> list discussions and based on their experience. I am aware of no
> precedent in the IETF that requires the sort of documentation Todd
> has suggested as a normal part of developing IETF standards, and thus
> I do not envision adopting this proposal as part of the charter for
> PKIX. I submitted the revised PKIX charter to the Security Areas
> directors several weeks ago and when they approve it, it will be
> posted to the IETF web site.
>
> The discussion that has taken place under the subject heading has
> been very wide ranging. Much of the discussion centered on "what's
> wrong with PKI." This discussion often failed to make the critical
> distinction between problems associated with implementations of PKI
> technology, problems with specific PKI models, and problems with PKI
> standards. This WG is not responsible for broken implementations. We
> are not responsible for marketing hype claiming that PKI is a
> panacea. We are not responsible for the ways in which people may
> choose to use PKI technology, which may be a bad fit for their
> businesses. We are responsible for creating standards that are
> technically accurate, comprehensible, and which we believe address
> some non-trivial range of problems associated with reasonable uses of
> PKI technology in the Internet. This is a sufficiently difficult task
> that we are probably well advised to focus on it.
>
> Steve