On Aug 10, 2007, at 12:47 PM, Stephen Farrell wrote:
You seem to prefer that this work be scoped so as to be limited to x.509 TAs only. I'm just wondering if you see any specific benefit to that, or if it's just that you've not seen specific enough reasons to want to support more than x.509? (From my p-o-v, I guess I'd argue that any TA related work starting in 2008 shouldn't only support x.509.)
I'm involved in this because I see a value for it for what I do with X.509. But I also need it for OpenPGP, as well.
Well, maybe not *need*. One of the things about OpenPGP is that it has a number of quasi-standard, ad-hoc ways to do a lot of things. I mean "quasi-standard" that we all do it the same way, and there's no document describing that way.
Also, OpenPGP has always had the notion that roots are in the eye of the beholder, and any certificate can be a root.
However, it would be very, very useful to have TAM specify how to push trust points around. It fills a huge gap in the documentation of how the larger world works.
My first observation to the draft-00 was to ask if it was PKIX-specific. The answer then was that it's not. That's great, to me. I want this for other certificate types, most specifically OpenPGP. I have been broader than that because I know people building systems and considering using SPKI, and they would need this, too, or have to develop their own, ad-hoc way of doing it.
Jon

--
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d