Re: [Acme] Proposed ACME Charter Language

Eric Rescorla <ekr@rtfm.com> Sat, 25 April 2015 20:06 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 25 Apr 2015 13:05:37 -0700
Message-ID: <CABcZeBOy2yBEMGMxcDy=E3fvc+OF1sZfvOV7twJHAvKqtrxtLg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/hGmcbGavmxu7NB6wJLy2UG1T_U4>
Cc: IETF ACME <acme@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>

On Mon, Apr 20, 2015 at 9:11 AM, Russ Housley <housley@vigilsec.com> wrote:

> Stephen:
>
> If that paragraph were removed, would you be happier with the charter?  If
> so, consider it gone.  I'm willing to assume that an attempt to replace
> things that people are using will meet with vigorous discussion.


I would suggest we do as you propose and remove this text. I think there
will be plenty of occasion for people in the WG to argue about using
existing stuff versus building anew.

-Ekr


>
> Russ
>
>
> On Apr 20, 2015, at 12:05 PM, Stephen Farrell wrote:
>
> >
> >
> > On 20/04/15 16:57, Russ Housley wrote:
> >> Stephen:
> >>
> >> I did not see the ACME effort as trying to throw everything out.
> >
> > If it is not used, then I don't think we're throwing it out:-)
> >
> >> Rather, throw out the parts that have been an impediment to the kind
> >> of automation proposed by ACME, but document the shortcoming.
> >
> > Sorry, I'm still not getting it. I don't see any need for ACME
> > to document why CMP etc failed or what was wrong with CMP that
> > may have caused it to fail. And the same for CMC etc. BTW by
> > "fail" here I mean: not used by the major deployed PKIs on the
> > public Internet.
> >
> > I also see no need at all to even try to re-use ASN.1 PDU
> > structures that are defined in CRMF etc.
> >
> > I do think that ACME ought learn from the past of course, and
> > am confident that there will be enough participants involved
> > who have that history for that to not be problematic.
> >
> > But I do not think ACME ought be required to re-use any ASN.1
> > PDU definitions from any previous RFCs on this topic.
> >
> > Do we agree or disagree on that last? (I'm trying to get to
> > quite specific meanings for "duplicate.")
> >
> > Cheers,
> > S.
> >
> >
> >
> >>
> >> Russ
> >>
> >> On Apr 20, 2015, at 11:43 AM, Stephen Farrell wrote:
> >>
> >>>
> >>> Hi Russ,
> >>>
> >>> This bit puzzles me a lot, other bits puzzle me a little:-)
> >>>
> >>> On 20/04/15 16:23, Russ Housley wrote:
> >>>> The ACME WG will not duplicate work from previous IETF
> >>>> certificate management efforts.
> >>>
> >>> If accepted, that would seem to me to nullify the entire effort.
> >>> Can you explain why I'm reading it wrong?
> >>>
> >>> ACME absolutely will duplicate work from previous IETF certificate
> >>> management efforts that have failed to get traction over the last
> >>> decade and a half. That is entirely fine IMO and needs no explicit
> >>> justification whatsoever since we have 15 years of crystal clear
> >>> non-use, outside of niche environments. (It is true that what is
> >>> now considered a niche was not so considered back then.)
> >>>
> >>> In fact I believe anyone who claims such duplication is a problem
> >>> should be the one to provide evidence for that by documenting
> >>> exactly why and at what scale.
> >>>
> >>> It is just not credible for us to pretend that CMC, CMP, or EST are
> >>> widely used for certificate management on the public Internet. If
> >>> I'm wrong there I would really love to see the evidence but absent
> >>> such, duplicating bits of functionality present in current RFCs
> >>> that are not at all widely used is what is needed for this effort
> >>> and needs to be encouraged.
> >>>
> >>> I think we really ought bottom out on this aspect before chartering
> >>> - it'd be dumb of us to charter an ACME WG that has to fight all
> >>> the CRMF battles over again, or the ASN.1 vs. whatever issues. So I
> >>> hope lots of voices chime in and say what they think.
> >>>
> >>> S.
> >>>
> >>> _______________________________________________ Acme mailing list
> >>> Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme