Re: [pkix] Agenda requests for Paris

Stefan Santesson <stefan@aaa-sec.com> Sun, 18 March 2012 15:44 UTC

Date: Sun, 18 Mar 2012 16:43:36 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Anders Rundgren <anders.rundgren@telia.com>, Yoav Nir <ynir@checkpoint.com>
Message-ID: <CB8BC0E6.36A0D%stefan@aaa-sec.com>
Thread-Topic: [pkix] Agenda requests for Paris
In-Reply-To: <4F65FF81.7070007@telia.com>
Cc: "pkix@ietf.org" <pkix@ietf.org>
Subject: Re: [pkix] Agenda requests for Paris

Anders,

Do you have an A shaped teflon non-stick desk at your office?
I think it would suit you quite well.

/Stefan

On 12-03-18 4:30 PM, "Anders Rundgren" <anders.rundgren@telia.com> wrote:

>On 2012-03-18 12:15, Yoav Nir wrote:
>> Anders,
>> 
>> IMO "relevant" is whatever the group decides is relevant as long as the
>> IESG agrees. If you want the working group to do something, such as
>> mobile devices with embedded credentials, you should propose this to
>> the group.
>
>Once upon a time there was a single enterprise OS standard; it was called
>Windows. Each vendor could easily create s.c. "Windows-compatible"
>solutions by a bunch of proprietary DLLs and EXEs.
>
>These days are gone.  Now customers are facing a multitude of mobile
>devices with quite different software distribution and security models.
>
>Currently I'm struggling with a mobile PKI + FW using Cisco's ASA +
>AnyConnect. The absence of useful enrollment/setup standards in this
>space forces you into "rooted" phones, quirky user-interfaces, least
>common denominator functionality, and extended deployment times.
>
>Unless something in the process (and attitude) changes, I remain
>convinced that PKIX should stick to the PKI core and leave applications
>like EST aside.
>
>Anders
>
>> 
>> A few years ago I had a proposal to IPsecME but couldn't attend. I
>> asked someone else who *was* attending to present it for me. I prepared
>> the slides and everything, and listened to the audio stream. While there
>> is work being done (see the vmeet list) that may allow people to present
>> remotely, results so far have been a mixed bag. Surely you can go to
>> https://www.ietf.org/registration/ietf83/attendance.py , and find one of
>> the 1347 people listed there (as of right now) who might be interested
>> enough to present slides that you would prepare for him or her.
>> 
>> I don't think a time slot reserved for "discussion of the fact that
>> mobile devices with embedded credentials will most likely constitute
>> the bulk of the client-side of PKI" will do much without a draft, a
>> presentation, or at the very least, someone to lead the discussion.
>> 
>> Yoav
>> 
>> -----Original Message-----
>> From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of
>> Anders Rundgren
>> Sent: 18 March 2012 11:38
>> To: Stefan Santesson
>> Cc: pkix@ietf.org
>> Subject: Re: [pkix] Agenda requests for Paris
>> 
>> On 2012-03-18 01:45, Stefan Santesson wrote:
>>> Anders,
>>>
>>> You are missing the point.
>> 
>> Not really, I'm just looking at things from a different angle.
>> 
>> IMHO, "relevance" has become an overarching issue for SDOs due to the
>> fact that the IT-landscape has changed tremendously in the last ten
>> years:
>> 
>> - Continuously shorter product cycles
>> - Vendors that single-handedly define complete and globally operating
>>   ecosystems, from devices to services
>> - Open source as a means to reduce costs and improve interoperability
>> 
>> Since "my" issue (affecting billions of other humans) obviously is not
>> of any interest to you or Steve, PKIX's future probably is about
>> managing the PKI core documents (Certificates, CRL and OCSP).
>> 
>> That said, new efforts in the more application-oriented part of the PKI
>> universe, like the recent EST work-item, seem much less likely to pan
>> out since these require alien elements like strategy, marketing, and gap
>> analysis.
>> 
>> OTOH, deployment given the current SCVP/OCSP discussions doesn't seem
>> to be a major issue.  In my world deployment and relevance are
>> synonymous. Yes, I know this is a minority view :-)
>> 
>> Anders
>> 
>>>
>>> You are free to discuss any issues that are related to the charter of
>>> this WG.
>>> If you want to discuss things with other IETFers, it is a great
>>> opportunity to come to the conference and talk to people.
>>>
>>> Just don't expect people to spend time discussing your issues at the
>>> meeting unless you are prepared to come and ask for a timeslot.
>>>
>>> /Stefan
>>>
>>>
>>>
>>> On 12-03-17 2:09 PM, "Anders Rundgren" <anders.rundgren@telia.com> wrote:
>>>
>>>> On 2012-03-17 13:32, Stefan Santesson wrote:
>>>>> Anders,
>>>>>
>>>>> It does not work that way, no matter how interesting your issue
>>>>> might be.
>>>>
>>>> You mean that IETF statutes don't permit discussing possible future
>>>> work-items without a proposer actually being physically present?
>>>>
>>>> Anyway, your colleague in the Swedish EID2-project, Leif Johansson,
>>>> indeed mentioned the very same issue "as highly problematic" in a
>>>> panel session in the IDTrust/NSTIC event that we both attended this
>>>> week in Washington DC.
>>>>
>>>> Somewhat related: From what I can see the rationale for EST hasn't
>>>> been discussed at all on this list. I don't think even Cisco in the
>>>> end will support EST since it doesn't add functional improvements.
>>>> Even the target "Simple PKI client" seems to be left to the reader to
>>>> guess what it could possibly be.  Do YOU know?
>>>>
>>>> Anders
>>>>
>>>>>
>>>>> If you want to raise an issue at the meeting, then you need to ask
>>>>> for a slot and show up at the meeting.
>>>>> If you can't be bothered, convince someone that will be present to
>>>>> do it for you.
>>>>>
>>>>> If you can't do that even, then discuss it on the list.
>>>>>
>>>>> /Stefan
>>>>>
>>>>> On 12-03-17 9:56 AM, "Anders Rundgren" <anders.rundgren@telia.com> wrote:
>>>>>
>>>>>> Stefan,
>>>>>> I will unfortunately not be able to attend.
>>>>>>
>>>>>> May I suggest that the crowd spends some 10 minutes on discussing
>>>>>> how PKIX intends to deal with the fact that mobile devices with
>>>>>> embedded credentials will most likely constitute the bulk of the
>>>>>> client-side of PKI?
>>>>>>
>>>>>> Even the US government have realized (it took some time...) that
>>>>>> "Derived Credentials" is probably a better solution than "putting
>>>>>> PIV on a string":
>>>>>>
>>>>>> http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2012-02/feb1_nist-800-63-1_overview_enewton.pdf
>>>>>>
>>>>>> It is (at least to me) obvious that ambitious efforts such as
>>>>>> President Obama's NSTIC program won't go particularly far without
>>>>>> having secure, convenient, and interoperable enrollment solutions.
>>>>>>
>>>>>> However, then we enter the minefield known as "Token Provisioning"
>>>>>> which currently only is covered by proprietary solutions like the
>>>>>> Google Wallet.
>>>>>>
>>>>>> Giving in to Google may though be the best for the market since a
>>>>>> leading vendor can (as Microsoft did in the past) indirectly
>>>>>> enforce the necessary "compliance" on the other parties.
>>>>>>
>>>>>> The opportunity for a standard addressing 5-10 BILLION of connected
>>>>>> devices won't exist 3 years from now, at least if we are talking
>>>>>> about a *used* ditto.
>>>>>>
>>>>>> If you are the daring type you might even perform a straw poll on
>>>>>> the topic :-)
>>>>>>
>>>>>> Anders
>> 
>