RE: LAST CALL: draft-ietf-pkix-cmc-05.txt
Well said, Dave, as usual. The underlying problem (as I think we would
likely agree) is the dynamic (and the monetary/political fallout when
things don't work well or at all) of the PKI *business.* (Yeah, I know, we
all overhyped it to get things moving!) Vendors now implement the I-D (or
the pre I-D--see other emails) or the Proposed RFC (but only if they have
been away on Mars!). Never mind the Draft RFC, and who the heck even
bothers to download the Standard RFC--the world has moved gigacycles by
then--since it is likely to be de facto depreciated to Historical status.
Furthermore, who reads 2026 (much less dares to tell management what it
actually says). But if we toss the words *experimental* or *pilot* or *use
at management's risk* or *use at the risk of your NASDAQ price dropping by
half* into the RFC title (or better yet, proactively resist the temptation
and pressure to move on to the standards track until two implementers
swear--and digitally sign it--they have achieved interop), now we have a
counter to that magic anagram *RFC*. I would venture to guess that 95
percent of the folks who sign the checks in early-adopter organizations (and
to whom you have to answer when things fall apart) believe that once an
RFC number has been issued, it's now an IETF STANDARD SO WHY SHOULD THERE BE
A PROBLEM?! This is why I like the sound of *Experimental RFC* or
*Pilot-Only RFC*, etc.
Bill
> ----------
> From: David P. Kemp[SMTP:dpkemp@missi.ncsc.mil]
> Reply To: David P. Kemp
> Sent: Wednesday, July 28, 1999 2:05 PM
> To: ietf-pkix@imc.org
> Subject: RE: LAST CALL: draft-ietf-pkix-cmc-05.txt
>
[snip]
> Early adopters should probably refer to RFC2026:
>
> "Implementors should treat Proposed Standards as immature
> specifications. It is desirable to implement them in order to gain
> experience and to validate, test, and clarify the specification.
> ^^^^^^^
> However, since the content of Proposed Standards may be changed if
> problems are found or better solutions are identified, deploying
> implementations of such standards into a disruption-sensitive
> environment is not recommended."
>
> One can only strive to be standards-compliant when there is a Standard
> (not a Proposed or Draft Standard) to comply with. How would
> designating CMC or CMP as Experimental or I-D assist early adopters in
> not feeling like guinea pigs? If your boss tells you to implement a
> prototype (as a vendor) or pilot (as a user), your choice is to ignore
> him and do nothing until there is a Standard, or implement the
> specifications that are available. If you are an early adopter, you
> are a guinea pig, whether you adopt an Experimental RFC or a Proposed
> Standard RFC.
>
> We in the DMS and now DoD PKI arena are very much guinea pigs, and
> there is nothing constructive we can do about it except continue to
> design, implement and test. Other PKIX constituents are in the same
> boat. There's nothing wrong with that; it's part of being in an Open
> process (or a democracy, or a free-market economy, or whatever).
>