At the recommendation of Tim Polk, the TAM effort will be introduced to the PKIX Working Group at the December IETF Meeting. It is felt that the PKIX Working Group will be able to provide a wide audience in order to gain more support in the vendor community for the development and implementation of trust anchor management solutions.
A time slot for TAM has already been posted to the PKIX agenda: http://www3.ietf.org/proceedings/07dec/agenda/pkix.txt Please use the PKIX mailing list to continue discussions pertaining to TAM: http://www.imc.org/ietf-pkix/ Thank you, Raksha Reddy -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Polk Sent: Thursday, October 18, 2007 3:33 PM To: ietf-trust-anchor@vpnc.org Cc: Stephen Farrell; Sean Turner; Sam Hartman Subject: selecting a path forward for TAM Dear TAM participants, I had a conference call with the BOF co-chairs a few weeks ago concerning the status of the Trust Anchor Management BOF. The group has made a lot of progress, but I am not ready to advocate a new working group at this time. The co-chairs asked me to send an email to the list that summarizes my issues. I should begin by stating that it is clear to me that some form of trust anchor management protocol can and should be pursued in the IETF. It is not clear to me whether a new working group would be the most effective mechanism, or if IETF community would be best served by pursuing this work in an existing working group. Here are the open issues, as I see them: (1) A largely government user community has been clearly established, but broader support is required for real success. In particular, I would like to see more from the vendor community indicate they are likely to adopt the output from TAM. (Please note that "vendor community" is not a euphemism for browser vendors, although they would certainly qualify. There was some indication that network appliances and other infrastructure devices might be the initial adopters. Those vendors would satisfy my requirement as well! I am simply not interested in sponsoring a group unless some vendors are interested in building the spec.) (2) In the Chicago meeting, participants seemed uncertain about the scope of this effort. Numerous participants indicated they would probably implement "it", depending on what "it" turned out to be. I do not believe this issue has been sufficiently resolved. (3) I remain nervous about the level of commitment to participate in the working group. I believe there is sufficient interest to justify a milestone in an existing wg, but have not seen a deep enough pool of players to provide chairs, editors, and revierwers. In my opinion, this is a direct result of (2). Several expressed tentative commitment to participate or implement, contingent on clarifying that scope. As a result, I requested the submission of the draft-housley-tamp-00 draft. I am hoping that a concrete proposal will help the group converge on a definition of "it", and help me to verify that a broad consensus exists to develop and deploy a trust anchor management protocol. To be honest, I was hoping to see a greater volume of traffic, although at 91 pages folks may still be working through a first pass. *Please* take the time to review this draft, and provide your input to the list. This is a critical metric in my opinion towards determining whether TAM is mature enough to charter as a working group or should be integrated into an existing working group. Thanks, Tim Polk
