[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trivial PKI Question

To: "Anders Rundgren" <anders.rundgren@xxxxxxxxx>
Subject: Re: Trivial PKI Question
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 7 Mar 2003 12:13:46 -0500
Cc: <ietf-pkix@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <> <> <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At 7:52 AM +0100 3/7/03, Anders Rundgren wrote:

Steve Kent wrote:

<snip of a ton of mostly only patronizing lines>
   >any time someone uses the term "frictionless" I know we've moved into
   >marketing hype land.
To this private list of Dr. Kent's no-words we should also add "existing practices", "simplicity", "scalability", "plug-and-play", "business-system", "XML-based", "VeriSign", "Microsoft", and most of all "the market".

I realize that English is not your native language, and thus I do applaud your generally excellent use of English. Let me help clarify some of the subtleties that seem to be confusing, based on the text above:

- "Exitsing practices" is a fine phrase, but it is sometimes used by folks to avoid changes to paradigms with which they feel comfortable. So, depending on how one uses it, the phrase might be a good reason for a design choice, or a defense against an appropriate paradigm shift.

- "Simplicity" and "scaleability" are over-used, generally not quantifiable, and usually trite terms on the verge of being buzzwords. The phrase "plug-and-play" is certainly a buzz phrase, and more appropriately rendered as "plug and pray" in many instances.

- Proper names of companies are just that, even when spelled using the poly-capitalized form that became so trendy in the 90's.

- "XML-based" is potentially an accurate description of a technology, but it confers no intrinsic goodness.

- "Market" is a term often used by people in an attempt to lend weight to their positions, when no technical justification for such positions exists. It too could be a neutral, useful term, but its misuse renders it questionable in many contexts.

Hopefully this brief tutorial will help your writing in the future.


   >Oh. This is just another advertisement for your notions on how to
   >"fix" everything that is "wrong" with X.509.

By adding a minute constraint extension on top of RFC3280, PKI can
technically be converted from being an n-level structure of arbitrary
complexity, into a 2-level self-describing structure.

Is the preceding string of words intended to convey some meaning?

But as "simplicity" is like a red blanket to Dr. Kent, he insists only
promoting technically broken stuff like the PI, which obviously was
engineered by looking at the world through a microscope.

Simplicity is hardly a panacea, though it is a desirable feature. On the other hand, some things that are promoted as simple as just simplistic.

>Nevermind,

I don't.  I rather support Phill's statement that it is time for you and PKIX
to wrap-up and close the show.  "The thrill is gone".  It is BTW only two
weeks to the next IETF, and you have even have not even managed to create
an agenda for PKIX.  http://www.ietf.org/meetings/wg_agenda_56.html

Were you planning to attend this IETF meeting? If so then you have a legitimate desire to see the agenda as soon as possible. If not, then your comment is just sniping, offered by someone who has never contributed constructively to any PKIX effort. Tim is responsible for the agenda, and I'm sure your concern will be noted by him.

More broadly, if you believe PKIX is not providing utility then feel free to not participate in the WG activities, rather than wasting the time of WG members. The message that prompted my response exhibited very sloppy analysis which was contrived to promote your pet project as a solution. I provided a detailed critique of the errors and omissions in the message, to which you did not respond. Instead, your response merely tries to argue that YOU know what the market wants and YOU have THE solution. That seems to be typical form of your messages to this list, hence my characterization of you not contributing constructively.

Maybe there is a problem that is important and for which you have a good solution. Unfortunately, you have repeatedly failed to do a good job of characterizing the problem. Instead, you have emphasized your proposed solution. We don't need solutions looking for problems, especially when your solutions conflict with existing PKIX standards track efforts.

Steve

References:
- Trivial PKI Question
  - From: Anders Rundgren
- Re: Trivial PKI Question
  - From: Stephen Kent
- Re: Trivial PKI Question
  - From: Anders Rundgren

Prev by Date: [Fwd: RFC3281 erratum]
Next by Date: Re: Trivial PKI Question
Previous by thread: Re: Trivial PKI Question
Next by thread: Re: Trivial PKI Question
Index(es):
- Date
- Thread