On Oct 15, 2013, at 2:52 PM, Stephen Kent <k...@bbn.com> wrote: > Joel, > > Thanks for the quick reply. > ... >>> Which RFC mandated this? My guess is NONE. >>> >> the recommendation comes from nist 800-131A and 800-57 I'd link to them if >> the nist website were up but it isn't. > OK, then, as I suspected, this is not the result of any RFC. > >> I'm not particularly enamoured of the idea the the IETF is the sole or even >> principle arbiter of industry consensus, so lets assume that it isn't. >> Whether you want to pay the cpu consumption tax or not, there's enough >> industry consensus on the subject that you don't have a choice. > I agree that the IETF is not an arbiter of industry consensus. The question > being debated on this > list is whether it ought to become more of an arbiter of what users and > service providers do, > by mandating use of security mechanisms, vs. just offering specs for > interoperable mechanisms. > > BTW, who got to form the industry consensus this time? How many folks, and in > what venue?
I belive the vehicle for coordination that was the ca/b forum www.cabforum.org Tim Moses who is one of the wpkops co-chairs is also the chair of that iirc so I would defer to an expert there. > > Steve > >
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass