IETF Logo Mail Archive

Re: [pkix] SCEP vs CMC vs CMP

max pritikin <pritikin@cisco.com> Tue, 22 March 2011 05:48 UTC

Return-Path: <pritikin@cisco.com>
X-Original-To: pkix@core3.amsl.com
Delivered-To: pkix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F12B3A6962 for <pkix@core3.amsl.com>; Mon, 21 Mar 2011 22:48:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level:
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id airqfmTpSjRq for <pkix@core3.amsl.com>; Mon, 21 Mar 2011 22:48:49 -0700 (PDT)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 353183A6961 for <pkix@ietf.org>; Mon, 21 Mar 2011 22:48:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=pritikin@cisco.com; l=1577; q=dns/txt; s=iport; t=1300773022; x=1301982622; h=subject:mime-version:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=ueyW8kGazsJ9TFI/mfiF97GJKiw7ep7vuAFKuX4M70w=; b=SEH3ZhMbDZE+nyK/MP/3S++z0rL5+AlyrCRjy5Z7Zi4YM1B0303KhFDI VgiBAaSAd6OX7V0C7tItGcz6ZHKE2lVI40D5Guqs6vehRiLobuiLQOIMn rYQcG1k0D9405orhIoTU+w24XXlQsmU51tgxQWLo+LjgkOyor2EW+6J/W I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEACrVh02rRDoJ/2dsb2JhbAClRHeITZ0ZnGiFYwSFM4c0g1GIeA
X-IronPort-AV: E=Sophos;i="4.63,224,1299456000"; d="scan'208";a="350407166"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by sj-iport-5.cisco.com with ESMTP; 22 Mar 2011 05:50:22 +0000
Received: from [10.0.1.6] (stealth-10-32-244-66.cisco.com [10.32.244.66]) by mtv-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id p2M5oLUK020571; Tue, 22 Mar 2011 05:50:22 GMT
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: max pritikin <pritikin@cisco.com>
In-Reply-To: <E1Q1qvp-0003KF-Nf@login01.fos.auckland.ac.nz>
Date: Mon, 21 Mar 2011 22:50:21 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B3E72C0-B469-40E6-BF2C-B93DAEFA968B@cisco.com>
References: <E1Q1qvp-0003KF-Nf@login01.fos.auckland.ac.nz>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
X-Mailer: Apple Mail (2.1082)
Cc: stefan@aaa-sec.com, pkix@ietf.org
Subject: Re: [pkix] SCEP vs CMC vs CMP
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2011 05:48:50 -0000

re: SCEP

I wasn't involved in the full history of SCEP but my understanding is that a lot of these things you ask about were addressed ---- in the CMC document. Ideally SCEP would have gone away naturally but that didn't happen. I believe the reasons are 'water under the bridge' ... but what we should address now is an existing SCEP document that is widely implemented and the continued confusion.

I currently have the edit token for SCEP and I have been responsive to all requests for edits or clarifications. If you have clarifications about the text describing the existing and widely implemented version(s) of SCEP please feel free to send them to me. Unfortunately the more updates and changes the more it appears to be an active document.

Personally I'd prefer to finalize it "as is" and address improvements and modern requirements in a new document. 

- max

On Mar 21, 2011, at 7:02 PM, Peter Gutmann wrote:

> max pritikin <pritikin@cisco.com> writes:
> 
>> Regarding SCEP: I'd like to see this document published and finalized in a
>> way that accurately reflects its current role so we can move forward.
> 
> <grumble>I'd like to see it incorporate some of the feedback that's been
> submitted for it, e.g. consistency problems with hash algorithm use, removing
> MD5 and DES (!!!) as the mandatory algorithms, switching from the decade-old
> PKCS #7 to the current CMS, and a pile of other stuff that's been requested
> over time but ignored by the authors</grumble>.
> 
> Peter.

v2.46.0 | Report a Bug | By Email | System Status