Hi Tony,

Seems like an odd proposal all right.

Technically, I'd say it could do with a lot more work before
it'd be ready for prime time. For example, if a node only
wants to talk to a few others, why are there so many CAs or
"delegators" involved? Seems a bit silly to me tbh but maybe
I'm not getting the use-case. It's also obviously pretty much
an outline rather than a worked-out proposal. I'd also have
thought this likely to be sorted at another layer, e.g.
within CoAP maybe, where pre-shared keys with DTLS will be
common, and where there would as a result be no PKI at all.

Process wise, from the IETF perspective, I think we no longer
care really. While we used to work closely with the ITU-T folks
on X.509, I've not really seen any benefit from that myself
for some years now. And afaik anyone who cares just implements
from RFC 5280 anyway so changes to X.509 are pretty much fine
to ignore.

But I'd be interested in hearing if there are in fact IETF
participants who continue to think it's important that we pay
attention to these kinds of changes to X.509. And, if you do,
then please say what if anything you think we ought say about
such changes proposed within ITU-T. (On or off-list is fine.)

Cheers,
S.

On 17/07/14 23:49, Tony Rutkowski wrote:
> Hi Steve,
> 
> The note below was distributed earlier on the ITU-T SG17
> sub-group Q11/17 list by the group's rapporteur.  It might
> be useful to gauge industry reaction in IETF and CA/B
> Forum venues.
> 
> Note that although the document appears on an ITU-T
> template, it has not been submitted.   In addition, although
> the source is indicated as "Denmark," it is not apparent
> that the source is any other than the rapporteur
> himself, who is identified as the contact.  Lastly, although
> the note asserts that "IEC TC57 WG15 (smart grid
> security) has requested the inclusion of whitelist
> support in X.509," there is no apparent liaison to
> this effect.
> 
> --tony
> 
> 
> -------- Original Message --------
> Subject:     [T17Q11] X.509 whitelist support
> Date:     Thu, 17 Jul 2014 14:43:30 +0200
> From:     Erik Andersen <e...@x500.eu>
> To:     Directory list <x500stand...@freelists.org>, SG17-Q11
> <t13sg17...@lists.itu.int>
> CC:     SG17-Q10 <t13sg17...@lists.itu.int>
> 
> 
> 
> IEC TC57 WG15 (smart grid security) has requested the inclusion of
> whitelist support in X.509. A preliminary proposal for such a feature
> may be found as
> http://www.x500standard.com/uploads/extensions/whitelistInX509.pdf
> 
> The feature may in some way be combined with the trust broker concept,
> which probably will involve a number of changes.
> 
> As it is quite important that we have a workable solution, any comment is
> welcome. I hope you will find the time to review the proposal before it
> is submitted to ITU-T.
> 
> Kind regards,
> 
> Erik
> 
> 
> 
> 

_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops
