
RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))



re: subcontracting out authentication;

no, the example was to indicate that the separation of authentication and
authorization isn't within the same business unit ... but totally different
organizations ... the characterization was that authentication and authorization
have been separated so far into different factions where the authentication
function was actually really (as silly as it may seem) subcontracted out to
the opposing force ... i.e. DOD didn't subcontract DOD certificate authorities
to USPS or some government agency ... but actually subcontracted out DOD
internal authentication function to a foreign government ... one that is even at
odds with the interests of the US government. The degree of the separation of
authentication and authorization is to the extent that a totally different
business/company/country has been asked to do all of your authentication ...
even though the agency in question doesn't have your best interests at heart (and
in fact may have interests that are improved if false authentication occurs).

It is like in the home business ... they typically recommend that a buyer get
their own lawyer and not expect the seller's lawyer and/or seller's real estate
agent to act in the buyer's interest ...


re: account records

while account records are frequently motivated by financially related matters
... they aren't unique to the financial industry. nearly every business interest
operates off account records. within the purview of the IETF ... every ISP
offering internet service for sale operates off account records (amount of
service, quality of service, whether it is currently active or not, has this
month's bill been paid, etc). So I wouldn't want to characterize that only
financial institutions are uniquely motivated as having account record driven
business.