At 10:50 AM +0100 7/6/07, Stephen Farrell wrote:
>> A non-enterprise case that is quite important, and can probably be
>> handled by the same protocol, is that of secure TA updates for
>> individual users. Right now, there are approximately two
>> widely-deployed models:
>> - Completely trust Microsoft to update your TA list for the OS and
>>   all apps that use CAPI when you are validating a signature
>> - Completely trust Mozilla to update your TA list for their
>>   products when you update your Mozilla software.
>> Maybe there is another useful model. :-)
>
> Yes. However, I don't think we have anyone who's volunteering to
> try to present/argue-for inclusion of that problem.

I volunteer. As I said in the earlier message, I think that the only
significant difference in the home-user case from the enterprise-user
case is that the home user will have multiple TA administrators. That
difference leads to some protocol-level additions, but I think the
number of those is quite small.

> There's also the device/mobile-phone-like use case that Steve Kent
> raised, but again, I also don't see someone jumping in to say that
> they'd like to argue for doing a bunch of work on that.

I'll jump up for that one as well. As far as I can tell, the only
difference between that and the other two is one that I brought up
early on the list and didn't get objection to: that the protocol must
be based on individual messages, not on connections.

> We do have agenda time if someone wants to take one of those on, and
> I'd be very happy to see either or both presented/discussed as potential
> parts of the problem statement, i.e., I wouldn't expect a worked out
> solution in Chicago. (I'm not sure that Carl would include either
> in his presentation, since his problem statement draft [1] doesn't
> address those use cases.)
> So, any volunteers? If you'd like to take a stab at either slot
> just let Sean and me know.

I would like ten minutes for each of those. I'm happy to share it
with others who might also find the use cases valuable.

--Paul Hoffman, Director
--VPN Consortium