
RE: Yes, and remove more of the alphabet from the PKIX soup



Eric,

At 12:23 PM 2/11/99 -0500, Eric Bomarsi wrote:
>I am trying to understand the relationship between the various
>certificate enrollment protocols and came across this archived
>email thread. <snipped>
>
>Since then, CMP is going to RFC, CMMF seems to be
>going away, and CMC work continues. Correct?
>

Correct.


>So can someone with experience in each of these please
>summarize the merits of each?
>
>Is CMC a follow-on to CMP and intended to improve some
>deficiencies, or are they competing protocols?


This is what the "PKIX Roadmap" says at this point: (text provided so that if somebody thinks this is wrong, tell Sean & me before we release the next draft :-)

DOCUMENT TITLE: Certificate Management Messages over CMS
<draft-ietf-pkix-cmc-02.txt>

DESCRIPTION: This document defines the means by which PKI clients and
servers may exchange PKI messages when using S/MIME's Cryptographic
Message Syntax [CMS] as a transaction envelope. CMC supports the
certificate request message body specified in the Certificate Request
Message Format [CRMF] documents, as well as a variety of other
certificate management messages. The primary purpose of this
specification is to allow the use of an existing protocol (S/MIME) as a
PKI management protocol, without requiring the development of an
entirely new protocol such as CMP. A secondary purpose is to codify in
IETF standards the current industry practice of using PKCS 10 messages
[PKCS10] for certificate requests.

        Yes, the two protocols (CMP and CMC) are "competing" with one another.  CMP was created first (it evolved out of the original PKIX-3 document); then CMC (which was originally CRS) was proposed as an alternative by a group of people who didn't want to deal with the creation of a new protocol.  Vendors generally choose one or the other to implement; certain vendors (I'll let them speak for themselves) have said publicly that they're going to support CMC and never implement CMP; other vendors have made similar commitments to CMP and seem to shun CMC.  I'm not aware of anybody who has made a public commitment to support both, but there might be somebody.

        The decision made at the Washington IETF about 15 months ago was to go ahead with the two different protocols at this point, and let the market decide which one (or maybe both) would eventually win.

                                                        Al Arsenault

-- these are my opinions only. They do not necessarily reflect the
opinions of my employer, or of any other organization with which I have a
relationship.