To:
keydist@cafax.se
From:
Paul Hoffman / IMC <phoffman@imc.org>
Date:
Wed, 2 Jan 2002 19:57:32 -0800
Delivery-Date:
Thu Jan 3 05:29:39 2002
In-Reply-To:
<Pine.OSX.4.42.0201022026060.411-100000@criollo.schlyter.pp.se>
Sender:
owner-keydist@cafax.se
Subject:
Re: From whence we came...
A few comments on the threads so far. Randy: it is hard for those of us who weren't around in the DNSSEC discussion of keys and certs to know what it is you want. You said (approximately) "this should be being done in the Security Area" and "we should wait for the Apps area to tell us they need it". As someone who straddles both areas, I can tell you that both suggestions can be read as the equivalent of "this will never happen". The PKIX WG has done a pretty lousy job of standardizing access to certs. We have a bunch of competing methods for cert retrieval, few of which are typically implemented in the real world. The dirty little secret is that no one likes LDAP; even though it is the primary cert retrieval protocol, only a small number of people in the PKIX follows the spec. The Apps area still doesn't understand public key cryptography well enough to know whether we want certs or keys, and we have gotten almost no help from the Security area other than statements like "run it over TLS". Everyone: you have to decide whether you want certs or keys. In either case, you have to deal with the expected mechanism of trust. Without that, you can't design an access protocol because you can't tell how many round trips you will need, you can't tell whether the user expects to get all her information from one spot or has to find multiple certs, and so on. And you have to deal with the extremely thorny issue of how the user trusts either a root key or a particular key they have been handed. Again, going to the security area for this is Very Bad Idea. They aren't applications folks, nor do they particularly like applications folks. --Paul Hoffman, Director --Internet Mail Consortium