[pkix] SCEP

Stephen Kent <kent@bbn.com> Tue, 14 October 2014 14:09 UTC

Message-ID: <543D2EA7.6000505@bbn.com>
Date: Tue, 14 Oct 2014 10:09:43 -0400
From: Stephen Kent <kent@bbn.com>
To: Erik Andersen <era@x500.eu>, pkix <pkix@ietf.org>
References: <000201cfe790$45dcd140$d19673c0$@x500.eu>
In-Reply-To: <000201cfe790$45dcd140$d19673c0$@x500.eu>
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/9-QEnQQ7ucK_6_uUwxTdEumOgMo

Erik,

Cisco developed and promoted SCEP without submitting it to the IETF, to compete with the cert management protocols that other vendors were developing. This end run of IETF process was not well received. I had first-hand knowledge of how Cisco pushed SCEP because I served as CT for CyberTrust, a Web PKI CA, during this time.

Later, several Cisco staff approached the IETF asking that SCEP be published as an RFC. They agreed that it could be labelled Historic. (It did not offer alg agility, a feature that we required of all security protocols by that time.) We were told that Cisco just wanted a stable reference for it, nothing more, and that they agreed it should be replaced with a more modern protocol.

So, Tim Polk and I re-wrote the seriously flawed I-D that they had repeatedly published (to keep it alive) as an individual submission. We got very close to a reasonable version that could be published as Historic. Then, during lunch at an IETF meeting, a different Cisco staff member showed up to discuss the status of SCEP. At this lunch meeting he noted that the reason Cisco wanted an RFC number for SCEP (irrespective of the status) was to be able to cite it in a submission to 3GPP! Apparently, this staff member had not been instructed to lie about their real intent. That ended the discussion of SCEP as an RFC.

Subsequently, another Cisco staff member came forward wanting to pursue a replacement for SCEP, with up-to-date features and a broader focus. This proposal went through numerous revisions and received input from several sources. It became EST and it was issued as an RFC from PKIX.

Steve