RE: request for WG to adopt draft-chadwick-webdav-00.txt as a work item

Stefan Santesson <stefans@microsoft.com> Thu, 06 September 2007 11:38 UTC

From: Stefan Santesson <stefans@microsoft.com>
To: George Michaelson <ggm@apnic.net>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>
Date: Thu, 06 Sep 2007 11:12:05 +0100
Subject: RE: request for WG to adopt draft-chadwick-webdav-00.txt as a work item
Message-ID: <A15AC0FBACD3464E95961F7C0BCD1FF006A25BDE5E@EA-EXMSG-C307.europe.corp.microsoft.com>
References: <20070906121635.134112cf@garlique.algebras.org>
In-Reply-To: <20070906121635.134112cf@garlique.algebras.org>
Accept-Language: en-US
Content-Language: en-US
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Thanks for bringing this up George.

As for all solutions to problems where there already exist other solutions to the same problems, it is important to determine why we need another solution to the same problem.

There is value in having a limited, standardized set of ways to do things, as it makes interoperability easier. Sometimes we choose to offer multiple solutions anyway, mostly to enable re-use of existing infrastructures.

I would like to hear more about why it is important to add this to the menu of repository solutions and revocation mechanisms.

My personal concern about the presented approach is that it changes the trust mechanism for certificate revocation from signed objects (CRLs and OCSP responses) to trust in a repository infrastructure. That is, if I get a certificate in return from an expected location, it is supposed to be valid. Yet, when revoked, a 1 post CRL is examined, making revocation CRL-based. I don't think this fits with the model of CRL processing described in section 6.3 of RFC 3280.


Stefan Santesson
Senior Program Manager
Windows Security, Standards


> -----Original Message-----
> From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf-
> pkix@mail.imc.org] On Behalf Of George Michaelson
> Sent: 6 September 2007 08:47
> To: ietf-pkix@imc.org
> Subject: request for WG to adopt draft-chadwick-webdav-00.txt as a work
> item
>
>
>
> I am very interested in the construction of a systematic framework for
> webdav based publication protocols to be used to publish into
> repositories. Other WG areas of work are considering adoption of
> certificate based models which require large, distributed repositories
> to be maintained, and will imply a repository provisioning protocol.
>
> I therefore wish to propose the WG adopt draft-chadwick-webdav-00.txt
> as a work item.
>
> I would also like to ask that the document be slightly modified, to
> present two distinct parts in the proposal
>
> 1) that part which documents use of WEBDAV as a repository publication
>    protocol and the use of a REST model.
>
> 2) that part which discusses naming of the repository objects in the
>    repository, eg for use in the SIA and AIA fields, and the related
>    REST model name mapping.
>
> The reason I ask that it be re-worked in this way is that there are
> other models of repository naming architecture which do not have
> 'deep' RDN name structure in the certificate Subject name, and are less
> amenable to a deterministic mapping as Dave has proposed. If the
> document is re-worked slightly to make it plain that this is only one
> of many repository naming models, it will be easier for related work to
> cite this document in reference to part 1) use of WEBDAV and to draw up
> a distinct repository name mapping function reflecting part 2) in
> spirit.
>
> I have some very minor concerns with stipulating the correct TLS
> version to support virtual webhost naming in a secured connection to
> the server during WEBDAV binding. I am sure these can be very easily
> addressed.
>
> Thanks to Dave Chadwick for writing this draft, and presenting it at
> IETF69 Chicago.
>
> -George
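Editor's illustration of the "part 2)" naming question in George's message, i.e. a deterministic mapping from a certificate Subject DN with a deep RDN structure onto a repository path that an SIA or AIA pointer could carry. This is added example code, not text from the draft or from either author; the draft's own mapping is not on this page, so the path layout (one WebDAV collection per RDN, lower-cased attribute types, percent-encoded values, multi-valued RDNs joined with '+'), the base URL repo.example.net and the object name cert.der are all assumptions made here. It uses only the Python standard library.

```python
from urllib.parse import quote, unquote

# A DN is a list of RDNs in X.500 order (most significant first); each RDN is
# a list of (attribute type, value) pairs so that multi-valued RDNs fit too.
DN = list[list[tuple[str, str]]]


def dn_to_path(dn: DN) -> str:
    """Map a Subject DN to a WebDAV collection path, one segment per RDN.

    Hypothetical layout (assumed for this example): attribute types are
    lower-cased and values are percent-encoded with no reserved characters
    left bare, so a '/', '+', '=' or ',' inside a value can never be mistaken
    for path structure. Within a multi-valued RDN the pairs are sorted, so the
    same RDN yields the same segment whatever order its pairs were written in.
    """
    segments = []
    for rdn in dn:
        if not rdn:
            raise ValueError("empty RDN")
        pairs = sorted((t.lower(), v) for t, v in rdn)
        segments.append("+".join(f"{t}={quote(v, safe='')}" for t, v in pairs))
    return "/" + "/".join(segments) + "/"


def path_to_dn(path: str) -> DN:
    """Inverse of dn_to_path, used to check that the mapping is lossless."""
    body = path.strip("/")
    if not body:
        return []
    dn: DN = []
    for segment in body.split("/"):
        rdn = []
        for ava in segment.split("+"):
            # Values had '=' encoded, so the first '=' is always the separator.
            t, sep, v = ava.partition("=")
            if not t or not sep:
                raise ValueError(f"malformed path segment {segment!r}")
            rdn.append((t, unquote(v)))
        dn.append(rdn)
    return dn


def publication_url(base: str, dn: DN, object_name: str) -> str:
    """Absolute URL at which an object for this DN would be published, e.g.
    for an SIA or AIA pointer. base and object_name are hypothetical."""
    return base.rstrip("/") + dn_to_path(dn) + quote(object_name, safe="")


if __name__ == "__main__":
    # Constructed sample DN with a deep RDN structure (not a real subject).
    deep = [[("C", "GB")], [("O", "Example Org")],
            [("OU", "PKI"), ("OU", "Computing")], [("CN", "Alice Example")]]
    print(dn_to_path(deep))
    print(publication_url("https://repo.example.net/pki/", deep, "cert.der"))
    # A flat subject gives a one-level path: there is nothing to map onto a
    # hierarchy, which is the case George says this scheme suits less well.
    print(dn_to_path([[("CN", "alice")]]))
```

The round trip through path_to_dn is what makes the mapping usable for both publication and lookup: the publisher and the relying party derive the same collection from the same DN without a lookup table. Note that the URL only says where to look; as Stefan's message points out, whether the object found there is authentic is a separate question answered by signatures on the object itself, not by its location.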