
Re: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Lynn,

>I've talked to a number of people that have deployed IPSEC &/or VPN in various
>business critical environments and view IPSEC as not fulfilling their needs
>... but are using it because the software is easily available at the moment
>... and then cribbing code in behind the IPSEC handshake to do real-time
>account lookup as the final arbitrator.

OK.  I know lots of folks who do not do that, based on our experience as a
provider of managed VPN services.  Perhaps we just deal with different sets
of folks :-).

>as to previous comments as to "open" versus "closed" ... most of these are
>looking at "open" in the sense that they have a drive towards industry
>standards, ISO, IETF, ANSI, etc ... but they are closed in the current
>certificate scenarios in that a series of transactions all occur within the
>context of a global trust infrastructure typically represented by a number of
>real-time status, information, and/or aggregations embodied in an account
>record (as opposed to a trust infrastructure that is atomic on a transaction by
>transaction basis and covered within the context of information represented
>by a certificate manufactured at some point in the past).

I think that the persistent use of the phrase "account record" is telling
here.  Not all users of this technology are financial institutions, or
folks doing anything with financial accounts per se.  I tend to look at
these technologies from an application neutral perspective.

>it isn't that the cert-less transactions are lacking in trust parameters ...
>it is that the atomic nature of cert trust propagation may not represent the
>business requirements of a series of transactions (although may be entirely
>appropriate for trust propagation in these environments involving sign-up &/or
>enrollment transactions).

As I said in one of my other messages, I think the phrase "trust
propagation" is generally a misnomer here.

Steve