Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 14 October 2014 10:18 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: IETF PKIX <pkix@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/XRuB90uUXcAPYGAm6pbj5j4veDc

Erik Andersen <era@x500.eu> writes:
>Simple Certificate Enrollment Protocol (SCEP) (
>http://www.iec.ch/members_experts/refdocs/iec/isoiec-dir2%7Bed6.0%7Den.pdf)
>appears to be widely used and implemented although it is specified in an old,
>expired Internet draft from 2011 that was never issued as an RFC.
>
>Why was it never issued as an RFC and why should it not be on the standards
>track?

Because it wasn't invented by PKIX.  PKIX have their own two protocols, CMP
and CMC, both of which have practically nonexistent support, and even less
interoperability.  SCEP was invented by Cisco but they're trying to disown it
in favour of another new protocol they've dreamed up with (you guessed it)
practically nonexistent support and interoperability.

Peter.