At 1:48 PM -0700 8/13/07, Jon Callas wrote:
...
> I'm involved in this because I see a value for it for what I do with
> X.509. But I also need it for OpenPGP, as well.
>
> Well, maybe not *need*. One of the things about OpenPGP is that it
> has a number of quasi-standard, ad-hoc ways to do a lot of things. I
> mean "quasi-standard" that we all do it the same way, and there's no
> document describing that way.
>
> Also, OpenPGP has always had the notion that roots are in the eye of
> the beholder, and any certificate can be a root.

The term used in X.509/PKIX (and this would-be WG) is TA, and X.509
allows any key (not just certs) to be used as a TA, and yes, the
decision is purely up to the relying party; but we DO write this
stuff down :-).

> However, it would be very, very useful to have TAM specify how to
> push trust points around. It fills a huge gap in the documentation
> of how the larger world works.

I'm puzzled by this comment. Unless you're suggesting that the
protocol that is developed must mimic what OPGP does, one ought not
argue that "It fills a huge gap in the documentation of how the
larger world works."

> My first observation to the draft-00 was to ask if it was
> PKIX-specific. The answer then was that it's not. That's great, to
> me. I want this for other certificate types, most specifically
> OpenPGP. I have been broader than that because I know people
> building systems and considering using SPKI, and they would need
> this, too, or have to develop their own, ad-hoc way of doing it.

SPKI is not an IETF standard, and in earlier discussion on the list I
think we agreed to not include it.

Steve