Dear TAM participants,
I had a conference call with the BOF co-chairs a few weeks ago
concerning the status of
the Trust Anchor Management BOF. The group has made a lot of
progress, but I am not
ready to advocate a new working group at this time. The co-chairs
asked me to send an
email to the list that summarizes my issues.
I should begin by stating that it is clear to me that some form of
trust anchor management
protocol can and should be pursued in the IETF. It is not clear to
me whether a new
working group would be the most effective mechanism, or if IETF
community would be
best served by pursuing this work in an existing working group.
Here are the open issues, as I see them:
(1) A largely government user community has been clearly established,
but broader support
is required for real success. In particular, I would like to see
more from the vendor community
indicate they are likely to adopt the output from TAM.
(Please note that "vendor community" is not a euphemism for browser
vendors, although they
would certainly qualify. There was some indication that network
appliances and other
infrastructure devices might be the initial adopters. Those vendors
would satisfy my requirement
as well! I am simply not interested in sponsoring a group unless
some vendors are
interested in building the spec.)
(2) In the Chicago meeting, participants seemed uncertain about the
scope of this effort. Numerous
participants indicated they would probably implement "it", depending
on what "it" turned out
to be. I do not believe this issue has been sufficiently resolved.
(3) I remain nervous about the level of commitment to participate in
the working group.
I believe there is sufficient interest to justify a milestone in an
existing wg, but have not seen
a deep enough pool of players to provide chairs, editors, and
revierwers. In my opinion, this is
a direct result of (2). Several expressed tentative commitment to
participate or implement,
contingent on clarifying that scope.
As a result, I requested the submission of the draft-housley-tamp-00
draft. I am hoping that a
concrete proposal will help the group converge on a definition of
"it", and help me to verify that
a broad consensus exists to develop and deploy a trust anchor
management protocol. To be
honest, I was hoping to see a greater volume of traffic, although at
91 pages folks may still be
working through a first pass.
*Please* take the time to review this draft, and provide your input
to the list. This is a critical metric
in my opinion towards determining whether TAM is mature enough to
charter as a working group
or should be integrated into an existing working group.
Thanks,
Tim Polk
