
RE: Yes, and remove more of the alphabet from the PKIX soup



Hi Eric,

> ----------
> From: 	Eric Bomarsi[SMTP:ebomarsi@xedia.com]
> Sent: 	Friday, February 12, 1999 1:17 PM
> To: 	Flanigan, Bill
> Cc: 	'Al Arsenault'; ietf-pkix@imc.org
> Subject: 	Re: Yes, and remove more of the alphabet from the PKIX soup
> 
> Al and Bill:
> 
> Thanks, the chronology helps put things in perspective.
> 
> It sounds as though some view CMC as the next phase
> certificate management protocol which will address
> deficiencies in CMP and CRS.
> 
Some may perhaps view it in this way, but I would propose that this is not a
correct view.


> I hope that means future CMP work is limited to incremental
> fixes and improvements rather than competing with CMC
> enhancements. Is this the case?
> 
These protocols need not be viewed as competing at all.  Many that I have
spoken with seem to share the view that CMP is currently the clear protocol
for many enterprise environments, along with LDAP/X.500 repositories, CRLs,
etc., etc.  CMC, on the other hand, may well mature to be the clear
protocol for the Internet, along with some other repository technology
(perhaps DNS), some other revocation technology (perhaps OCSP), etc., etc.
[This is not to say that there can be no mix-and-match in the two
environments, but at the moment they seem to fall more neatly into these two
categories.]

Certificate management in the Internet is not yet a solved problem, but some
of these protocols and technologies are helping that situation.  Certificate
management in the enterprise environment is quite a bit clearer.  CMP and
CMC need not compete; they may simply be seen as complementary (targeted at
different environments).

Carlisle.