
RE: SCVP-01



Hi Ambarish,

> > While I believe they exist, my impression is that we're still waiting to
> > hear from this "particular set of users" to confirm that the functionality
> > embodied in SCVP is a legitimate requirement.  Don's "group" has stated that
> > they don't need this (at least at the moment).  Do we have concrete details
> > regarding who does need this?
> 
> I have had conversations with people who are interested in this.
> Also, we have had quite a few of our customers use our toolkit
> to do OCSP, but really wanted SCVP-like functionality. Yes, there
> are such people, unfortunately, most of them do not read the
> PKIX list - they belong to my first group of users - people
> who want to use public key cryptography without the overhead
> of understanding all of PKIX.
 
Not exactly what we were all looking for (i.e., "concrete details regarding
who does need this").  I understand that you may not be at liberty to share
any specific names, but even some generalities might help.  For example,
what you've said above ("people who want to use public key cryptography
without the overhead of understanding all of PKIX") suggests that for the
people you've spoken with this is an understanding or complexity issue,
rather than a footprint issue.  Is that true, or is it both, or are there
other motivators as well?

I initially had the impression that the driver was very constrained devices;
now I'm wondering if a more accurate picture is that the devices are
sufficiently powerful but those doing implementations don't really want to
understand all of PKIX.

In any case, a better understanding of the real requirements would be
helpful.

> The "on the other hand" case
> you are talking about is right on - yes, I am talking about
> a cert processing policy, that needs to be implemented (correctly)
> on every client desktop - SCVP. However, I am relatively sure
> you won't argue that correctly implementing SCVP is quite a
> bit easier than correctly implementing PKIX Part 1(2459),
> LDAP Op Protocol (2559), OCSP (2560), LDAP Schema for PKIX(2587),
> LDAP (1777), ...
 
You're right; no argument here.  However, this does not necessarily make
SCVP the right answer, since (as Mary-Ellen has pointed out) a
sufficiently-powerful library with a sufficiently-simple API brings the same
benefit.

Carlisle.