> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Stephen Kent > Sent: Thursday, August 16, 2007 9:21 AM > To: Cat Okita > Cc: ietf-trust-anchor@vpnc.org > Subject: RE: Issue with the requirements document: > PKIX-centric terminology > > > At 10:28 PM -0400 8/14/07, Cat Okita wrote: > >On Fri, 10 Aug 2007, Stephen Kent wrote: > >>I think we should make decisions about what work to do in the IETF > >>based on who participates in the IETF work, not based on who we > >>believe may benefit. > > > >I think this is the attitude that leads many people to > believe that the > >IETF is a pointless waste of time. > > > >My understanding was that the goals of the IETF include > producing well > >considered and designed protocols that are a benefit to all, and > >readily used by all, not a group of inbred pedants intent > only on self-gratification. > > > >cheers! > > A great many folks who are not part of the IETF process > benefit from the standards we generate. However, unless folks > actively participate in the process, there is no way to > ensure that external constituencies are well represented. > Moreover, someone who claims to represent such a constituency > is not intrinsically credible. Thus when we decide the scope > of work for a WG, it is common to make decisions based on who > chooses to contribute, and to focus on the IETF context. For > example, the IETF does not develop security standards > targeting the LAN environment unless the IEEE asks us to do so. > > A closer to home example arises in the message Thomas sent recently. > He gave several good examples of uses cases for TAM. > Included in his list was the TCM context (use case #2) and > mobile phones (UC #4). > The TCM case might be problematic because the TCG defines how > TCMs work and TCG is a closed group (one has to pay a fee and > sign an HDA to be a member.) So, only if all of the relevant > documents from TCG are publicly available could we reasonably > address this use case. > (Having Thomas as a contributor helps since he is the editor > of one or more TCG documents that deal with this area!) The > mobile phone use case is likely to be more problematic, as I > believe there are no public standards for ALL mobile phones > re managing signed code validation, etc. It may not make > sense for us to try to address problems in areas where the > IETF has no standing, where there are no public standards, etc. > > Steve
Thanks Steve. In my several years experience with the TCG, the TCG community typically prefers to use existing standards from other bodies/organizations like the IETF and Oasis (instead of re-inventing the wheel). This is why the TCG several years ago decided on the X.509 standard for the TPM-related certificates and profiles. Most (if not all) of the relevant documents for UC#2 are now published documents (available at the TCG website, under the Specs tab). No need to sign/enter anything to download :) In the mobile phone/carrier community, I believe that the Open Mobile Alliance (OMA) and 3GPP also uses X.509. /thomas/
