Re: [pkix] SCEP vs CMC vs CMP

Paul Hoffman <phoffman@imc.org> Thu, 28 October 2010 15:30 UTC

Date: Thu, 28 Oct 2010 08:32:04 -0700
To: Alper Yegin <alper.yegin@yegin.org>, 'Anders Rundgren' <anders.rundgren@telia.com>, pkix@ietf.org, "'Miller, Timothy J.'" <tmiller@mitre.org>
From: Paul Hoffman <phoffman@imc.org>

At 6:27 PM +0300 10/28/10, Alper Yegin wrote:
>Thank you for the answers.
>Sorry, I didn't mean to reopen wounds :-)
>
>To be more specific, we are looking for ways to enroll X.509 certificates on
>mobile terminals to be used for WiFi network access authentication.

SCEP is not your answer. It is narrowly limited to IPsec VPN boxes, and a small subset of that market.

That's one less wound to open, but the CMC and CMP wounds are still oozing plenty of (graphic elaboration elided...)