On Mon, Apr 20, 2015 at 9:11 AM, Russ Housley <hous...@vigilsec.com> wrote:
> Stephen:
>
> If that paragraph were removed, would you be happier with the charter? If
> so, consider it gone. I'm willing to assume that an attempt to replace
> things that people are using will meet with vigorous discussion.

I would suggest we do as you propose and remove this text. I think there will be plenty of occasion for people in the WG to argue about using existing stuff versus building anew.

-Ekr

> Russ
>
> On Apr 20, 2015, at 12:05 PM, Stephen Farrell wrote:
>
> > On 20/04/15 16:57, Russ Housley wrote:
> >> Stephen:
> >>
> >> I did not see the ACME effort as trying to throw everything out.
> >
> > If it is not used, then I don't think we're throwing it out:-)
> >
> >> Rather, throw out the parts that have been an impediment to the kind
> >> of automation proposed by ACME, but document the shortcoming.
> >
> > Sorry, I'm still not getting it. I don't see any need for ACME
> > to document why CMP etc failed or what was wrong with CMP that
> > may have caused it to fail. And the same for CMC etc. BTW by
> > "fail" here I mean: not used by the major deployed PKIs on the
> > public Internet.
> >
> > I also see no need at all to even try to re-use ASN.1 PDU
> > structures that are defined in CRMF etc.
> >
> > I do think that ACME ought learn from the past of course, and
> > am confident that there will be enough participants involved
> > who have that history for that to not be problematic.
> >
> > But I do not think ACME ought be required to re-use any ASN.1
> > PDU definitions from any previous RFCs on this topic.
> >
> > Do we agree or disagree on that last? (I'm trying to get to
> > quite specific meanings for "duplicate.")
> >
> > Cheers,
> > S.
> >
> >>
> >> Russ
> >>
> >> On Apr 20, 2015, at 11:43 AM, Stephen Farrell wrote:
> >>
> >>>
> >>> Hi Russ,
> >>>
> >>> This bit puzzles me a lot, other bits puzzle me a little:-)
> >>>
> >>> On 20/04/15 16:23, Russ Housley wrote:
> >>>> The ACME WG will not duplicate work from previous IETF
> >>>> certificate management efforts.
> >>>
> >>> If accepted, that would seem to me to nullify the entire effort.
> >>> Can you explain why I'm reading it wrong?
> >>>
> >>> ACME absolutely will duplicate work from previous IETF certificate
> >>> management efforts that have failed to get traction over the last
> >>> decade and a half. That is entirely fine IMO and needs no explicit
> >>> justification whatsoever since we have 15 years of crystal clear
> >>> non-use, outside of niche environments. (It is true that what is
> >>> now considered a niche was not so considered back then.)
> >>>
> >>> In fact I believe anyone who claims such duplication is a problem
> >>> should be the one to provide evidence for that by documenting
> >>> exactly why and at what scale.
> >>>
> >>> It is just not credible for us to pretend that CMC, CMP, or EST are
> >>> widely used for certificate management on the public Internet. If
> >>> I'm wrong there I would really love to see the evidence but absent
> >>> such, duplicating bits of functionality present in current RFCs
> >>> that are not at all widely used is what is needed for this effort
> >>> and needs to be encouraged.
> >>>
> >>> I think we really ought bottom out on this aspect before chartering
> >>> - it'd be dumb of us to charter an ACME WG that has to fight all
> >>> the CRMF battles over again, or the ASN.1 vs. whatever issues. So I
> >>> hope lots of voices chime in and say what they think.
> >>>
> >>> S.
> >>>
> >>> _______________________________________________
> >>> Acme mailing list
> >>> Acme@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/acme