IETF Logo Mail Archive

Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)

"Erik Andersen" <era@x500.eu> Tue, 14 October 2014 11:16 UTC

Return-Path: <era@x500.eu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2C191A854B for <pkix@ietfa.amsl.com>; Tue, 14 Oct 2014 04:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.891
X-Spam-Level:
X-Spam-Status: No, score=-0.891 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W-h8K0399EWj for <pkix@ietfa.amsl.com>; Tue, 14 Oct 2014 04:16:43 -0700 (PDT)
Received: from mail04.dandomain.dk (mail04.dandomain.dk [194.150.112.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28ED81A8549 for <pkix@ietf.org>; Tue, 14 Oct 2014 04:16:43 -0700 (PDT)
Received: from Morten ([62.44.134.98]) by mail04.dandomain.dk (DanDomain Mailserver) with ASMTP id 4201410141316388408; Tue, 14 Oct 2014 13:16:38 +0200
From: Erik Andersen <era@x500.eu>
To: PKIX <pkix@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C739B9CAF27@uxcn10-tdc05.UoA.auckland.ac.nz>
In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C739B9CAF27@uxcn10-tdc05.UoA.auckland.ac.nz>
Date: Tue, 14 Oct 2014 13:16:37 +0200
Message-ID: <001001cfe7a0$52f31640$f8d942c0$@x500.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQIjz5o9RaDncOt0Yx4LRcCXToJP45uHnj0A
Content-Language: da
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/7XDReBo-HpIvOndHxAO_e33XcPM
Cc: WG15@iectc57.org, Carsten Strunge <CAS@energinet.dk>, Søren Peter Nielsen <soren.peter.nielsen@gmail.com>
Subject: Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2014 11:16:44 -0000

Hi Peter,

Thanks for your quick answer.

The smart grid security folks want to use SCEP as normative reference in
their specification. In the current state of SCEP, this is probably against
the rules of IEC. It might be desirable to progress SCEP to a more official
status. That could be within PKIX as an RFC or as an ITU-T Recommendation to
be progressed very quickly. The latter might require some consent from
Cisco.

Regard,

Erik

-----Oprindelig meddelelse-----
Fra: pkix [mailto:pkix-bounces@ietf.org] På vegne af Peter Gutmann
Sendt: 14. oktober 2014 12:18
Til: IETF PKIX
Emne: Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)

Erik Andersen <era@x500.eu> writes:
>Simple Certificate Enrollment Protocol (SCEP) (
>http://www.iec.ch/members_experts/refdocs/iec/isoiec-dir2%7Bed6.0%7Den.
>pdf) appears to be widely used and implemented although it is specified 
>in an old, expired Internet draft from 2011 that was never issued as an 
>RFC.
>
>Why was it never issued as an RFC and why should it not be on the 
>standards track?

Because it wasn't invented by PKIX.  PKIX have their own two protocols, CMP
and CMC, both of which have practically nonexistent support, and even less
interoperability.  SCEP was invented by Cisco but they're trying to disown
it in favour of another new protocol they've dreamed up with (you guessed
it) practically nonexistent support and interoperability.

Peter.
_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix

v2.30.2 | Report a Bug | By Email | System Status