At 11:15 AM -0700 8/14/07, Jon Callas wrote:
...
SPKI is not an IETF standard, and in earlier discussion on the list I think we agreed to not include it.


I remember an argument that it not be included. I remember that particular reason being given, and that that reason is a good one. However, I also remember the counter-argument, and that argument being that since certs-in-DNS includes it, why not TAM, *if* it is little more than assigning a constant that places a type on a following blob. I also believe that one is a good one. I also remember us all agreeing to stop debating, at least implicitly, because that's a side issue to the core of TAM.

I keep saying that the format of what is being moved about is not nearly so hard a problem as the semantics of what is being moved, but either nobody believes me or nobody is listening. I can't tell which based on the responses :-).

Nonetheless, I perceive your arguments saying that no other certificate system other than X.509 should be under the TAM aegis. I perceive that you argued in specific that OpenPGP need not be there, citing Mr Atkins, and asking if some one who is actually an implementer or author or something to come forward -- as if I, who have been here all along, am neither.

What I think I said was that, in my conversations with two other folks at the IETF meeting, before the TAM BoF, my perception was that there was little or no expressed need for TAM outside of the X.509 context. Derek has since indicated that I misunderstood his comment, although he has yet to reply to my question of what he meant by "trust semantics." I don't recall the reference to "an implementer or author or something" and it doesn't sound like the sort of language I use, so I'll pass on the last sentence in the paragraph above.

I'm happy to debate a generalized certificate theory here, or over a beer. For the purposes of TAM, however, my opinions about certificates, however interesting anyone finds them, are irrelevant.

The relevance to TAM is solely in saying, "I want TAM for OpenPGP, and here's why." I say that as an OpenPGP author, and as an implementer of multi-format PKIs.

Your statement certainly counts as a valid expression of interest. However, one of the problems we have in the IETF when dealing with a BoF is that we may see interest expressed by multiple, independent constituencies. They may not be able to agree on what a WG would do, but they all like the idea of creating a WG so that they can pursue their notion of what needs to be done. The cognizant AD needs to decide if this will lead to a successful WG, or a protracted debate over definitions, requirements, etc. We are at that stage now.

I think that if TAM becomes X.509-only, that's fine, but it shouldn't be chartered as a separate working group, it ought to be a work item for PKIX. The whole reason for it being a separate WG would be if it's broad enough to have appeal outside of PKIX.

We agree. However, this is still an open question, relative to the criteria I noted above, i.e., it's not enough to have a group of folks who want to address TA management that is broader than the X.509 context. There has to be a coherent view of what TA management is, in this broader context, to give Tim Polk confidence that a newly chartered WG will generate useful specs.

Mind you, if it's PKIX-only, I still want it and need it. I won't go away, and it will give me reason to pay attention to PKIX again. (The fact that I don't presently is because I think y'all do a fine job without me. I trust you.)

Thanks for the compliment.

Steve
