Re: [pkix] Agenda requests for Paris
Stefan Santesson <stefan@aaa-sec.com> Sun, 18 March 2012 15:44 UTC
Date: Sun, 18 Mar 2012 16:43:36 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: Anders Rundgren <anders.rundgren@telia.com>, Yoav Nir <ynir@checkpoint.com>
Cc: "pkix@ietf.org" <pkix@ietf.org>

Anders,

Do you have an A shaped teflon non-stick desk at your office?
I think it would suit you quite well.

/Stefan

On 12-03-18 4:30 PM, "Anders Rundgren" <anders.rundgren@telia.com> wrote:

> On 2012-03-18 12:15, Yoav Nir wrote:
>> Anders,
>>
>> IMO "relevant" is whatever the group decides is relevant as long as the
>> IESG agrees. If you want the working group to do something, such as
>> mobile devices with embedded credentials, you should propose this to
>> the group.
>
> Once upon a time there was a single enterprise OS standard; it was called
> Windows. Each vendor could easily create s.c. "Windows-compatible"
> solutions by a bunch of proprietary DLLs and EXEs.
>
> These days are gone. Now customers are facing a multitude of mobile
> devices with quite different software distribution and security models.
>
> Currently I'm struggling with a mobile PKI + FW using Cisco's ASA +
> AnyConnect. The absence of useful enrollment/setup standards in this
> space forces you into "rooted" phones, quirky user-interfaces, least
> common denominator functionality, and extended deployment times.
>
> Unless something in the process (and attitude) changes, I remain
> convinced that PKIX should stick to the PKI core and leave applications
> like EST aside.
>
> Anders
>
>>
>> A few years ago I had a proposal to IPsecME but couldn't attend. I
>> asked someone else who *was* attending to present it for me. I prepared
>> the slides and everything, and listened to the audio stream. While there
>> is work being done (see the vmeet list) that may allow people to present
>> remotely, results so far have been a mixed bag. Surely you can go to
>> https://www.ietf.org/registration/ietf83/attendance.py , and find one of
>> the 1347 people listed there (as of right now) who might be interested
>> enough to present slides that you would prepare for him or her.
>>
>> I don't think a time slot reserved for "discussion of the fact that
>> mobile devices with embedded credentials will most likely constitute of
>> the bulk of the client-side of PKI" will do much without a draft, a
>> presentation, or at the very least, someone to lead the discussion.
>>
>> Yoav
>>
>> -----Original Message-----
>> From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of
>> Anders Rundgren
>> Sent: 18 March 2012 11:38
>> To: Stefan Santesson
>> Cc: pkix@ietf.org
>> Subject: Re: [pkix] Agenda requests for Paris
>>
>> On 2012-03-18 01:45, Stefan Santesson wrote:
>>> Anders,
>>>
>>> You are missing the point.
>>
>> Not really, I'm just looking at things from a different angle.
>>
>> IMHO, "relevance" has become an overarching issue for SDOs due to the
>> fact that the IT-landscape has changed tremendously the last ten years:
>>
>> - Continuously shorter product cycles
>> - Vendors that single-handedly define complete and globally operating
>>   ecosystems, from devices to services
>> - Open source as a means to reduce costs and improve interoperability
>>
>> Since "my" issue (affecting billions of other humans) obviously is not
>> of any interest to you or Steve, PKIX's future probably is about
>> managing the PKI core documents (Certificates, CRL and OCSP).
>>
>> That said, new efforts in the more application-oriented part of the PKI
>> universe, like the recent EST work-item seem much less likely to pan
>> out since these require alien elements like strategy, marketing, and gap
>> analysis.
>>
>> OTOH, deployment given the current SCVP/OCSP discussions doesn't seem
>> to be a major issue. In my world deployment and relevance are
>> synonymous.
>> Yes, I know this is a minority view :-)
>>
>> Anders
>>
>>>
>>> You are free to discuss any issues that are related to the charter of
>>> this WG.
>>> If you want to discuss things with other IETFers, it is a great
>>> opportunity to come to the conference and talk to people.
>>>
>>> Just don't expect people to spend time discussing your issues at the
>>> meeting unless you are prepared to come and ask for a timeslot.
>>>
>>> /Stefan
>>>
>>> On 12-03-17 2:09 PM, "Anders Rundgren" <anders.rundgren@telia.com>
>>> wrote:
>>>
>>>> On 2012-03-17 13:32, Stefan Santesson wrote:
>>>>> Anders,
>>>>>
>>>>> It does not work that way, no matter how interesting your issue
>>>>> might be.
>>>>
>>>> You mean that IETF statutes don't permit discussing possible future
>>>> work-items without a proposer actually being physically present?
>>>>
>>>> Anyway, your colleague in the Swedish EID2-project Leif Johansson,
>>>> indeed mentioned the very same issue "as highly problematic" in a
>>>> panel session in the IDTrust/NSTIC event that we both attended this
>>>> week in Washington DC.
>>>>
>>>> Somewhat related: From what I can see the rationale for EST hasn't
>>>> been discussed at all on this list. I don't think even Cisco in the
>>>> end will support EST since it doesn't add functional improvements.
>>>> Even the target "Simple PKI client" seems to be left to the reader to
>>>> guess what it could possibly be. Do YOU know?
>>>>
>>>> Anders
>>>>
>>>>>
>>>>> If you want to raise an issue at the meeting, then you need to ask
>>>>> for a slot and show up at the meeting.
>>>>> If you can't be bothered, convince someone that will be present to
>>>>> do it for you.
>>>>>
>>>>> If you can't do that even, then discuss it on the list.
>>>>>
>>>>> /Stefan
>>>>>
>>>>> On 12-03-17 9:56 AM, "Anders Rundgren" <anders.rundgren@telia.com>
>>>>> wrote:
>>>>>
>>>>>> Stefan,
>>>>>> I will unfortunately not be able to attend.
>>>>>>
>>>>>> May I suggest that the crowd spends some 10 minutes on discussing
>>>>>> how PKIX intends to deal with the fact that mobile devices with
>>>>>> embedded credentials will most likely constitute of the bulk of the
>>>>>> client-side of PKI?
>>>>>>
>>>>>> Even the US government have realized (it took some time...) that
>>>>>> "Derived Credentials" is probably a better solution than "putting
>>>>>> PIV on a string":
>>>>>>
>>>>>> http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2012-02/feb1_nist-800-63-1_overview_enewton.pdf
>>>>>>
>>>>>> It is (at least to me) obvious that ambitious efforts such as
>>>>>> President Obama's NSTIC program won't go particularly far without
>>>>>> having secure, convenient, and interoperable enrollment solutions.
>>>>>>
>>>>>> However, then we enter the minefield known as "Token Provisioning"
>>>>>> which currently only is covered by proprietary solutions like the
>>>>>> Google Wallet.
>>>>>>
>>>>>> Giving in to Google may though be the best for the market since a
>>>>>> leading vendor can (as Microsoft did in the past) indirectly
>>>>>> enforce the necessary "compliance" on the other parties.
>>>>>>
>>>>>> The opportunity for a standard addressing 5-10 BILLION of connected
>>>>>> devices won't exist 3 years from now, at least if we are talking
>>>>>> about a *used* ditto.
>>>>>>
>>>>>> If you are the daring type you might even perform a straw poll on
>>>>>> the topic :-)
>>>>>>
>>>>>> Anders