
Re: DRAFT minutes, SACRED WG, Minneapolis IETF




Yongge Wang wrote:
> 
> > We MUST end up with an interoperable protocol. That means choosing one
> > of everything that can be chosen, including authentication schemes as
> > the mandatory-to-implement. We will ensure that implementations are
> > able to flag other options (and might even generate some WG documents
> > about them).
> 
> Then it might be a little hard. Since it will depend on the
> main user of SACRED of future. That is, the client devices are mainly
> desktop computers or handheld devices (generally power, bandwidth,
> computation ability constraint)? That will be the crucial factors
> for choosing the algorithms. I do not think one Palm-user would like
> to wait there for three minutes to establish the connection with
> the server (the authentication or key exchange is quite slow
> for some algorithms) and then download his/her credentials
> (e.g., private signature key).

I agree we cannot specify a basic sacred protocol (selecting transport,
authentication scheme & cred format) that will work everywhere.
We do have to pick a combination to ensure basic interoperability.
That combination should be suitable for a wide range of use
cases, but should not (IMO) be driven by the "hardest" use 
cases. 

For devices where it's just not possible (or sensible) to
conform to the basic sacred protocol, you can separately specify 
(i.e. in another RFC) some partial level of interoperability. For
example, handling the basic credential format and transport,
but a different authentication scheme. Assuming you can find a 
credential server that supports both the basic sacred protocol and
the putative additional RFC, that would be enough to allow you
to move credentials between the typical and more limited devices.

Lastly, I'm not sure how much we should take today's handheld device 
limitations as constraining us, given that sacred implementations 
won't be deployed for a while and better devices come along all the
time (btw: anyone know the average lifetime of palms & similar?)

Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@xxxxxxxxxxxx
Ireland                             http://www.baltimore.com