Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)

Stephen Kent <kent@bbn.com> Tue, 21 October 2014 15:54 UTC

Message-ID: <544681B8.3080401@bbn.com>
Date: Tue, 21 Oct 2014 11:54:32 -0400
From: Stephen Kent <kent@bbn.com>
To: Melinda Shore <melinda.shore@gmail.com>, pkix <pkix@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C739B9CAF27@uxcn10-tdc05.UoA.auckland.ac.nz> <001001cfe7a0$52f31640$f8d942c0$@x500.eu> <10AA61E0-BC44-4515-822D-8C9885C9D7EE@vpnc.org> <543D4F5C.4010000@bbn.com> <543D5DE3.50507@gmail.com>
In-Reply-To: <543D5DE3.50507@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/pkix/Y8DO5BgSNc0fHOIvXqP6E5IArDA
Subject: Re: [pkix] Simple Certificate Enrollment Protocol (SCEP)

Melinda,
> I was at Cisco at the time.  That is not correct.  Interest in
> bringing SCEP to the IETF waxed and waned and at different points
> different people showed different levels of interest in working on
> getting the spec through the IETF process.  Nobody was ever instructed
> to lie -
I don't recall saying they were instructed.
> I'd be hard-pressed to say that anybody was instructed to
> do much of anything in terms of publishing SCEP.
ibid.
> My understanding
> of the 3gpp situation was that someone at Cisco wanted to
> take SCEP to 3gpp and that's what motivated a renewed interest
> in publishing it as an informational document (within Cisco; whether
> the responsible IETF people were more interested in publishing it
> as an historic RFC is largely orthogonal to that).
The individual who showed up at PKIX meetings to push for publication
was someone who had no visible activity in PKIX prior to his arrival
at a WG meeting.

The individual who declared the intent to use the RFC to submit SCEP
to 3GPP was different, and was different from the individuals who had
previously met with us on the topic.

So, yes, it is possible that these two individuals and the others who
engaged with the IETF requesting publication of SCEP had completely
different agendas.

The real issue is that the argument put before PKIX and the Sec ADs,
repeatedly, was that an RFC was needed to provide a stable reference
document for SCEP. This is an absurd assertion; Cisco was capable of
publishing its spec on a public Cisco web site, thus making it available
to anyone who needed it. Internet search was already adequate (in that
time frame) for anyone interested in the spec to find it on such a site.
If Cisco vanishes, the doc will have been archived and thus remain
available for many years.

The only credible reason for publishing an RFC describing SCEP (with any
RFC label) was to have an RFC number that one could use to claim the
imprimatur of the IETF. Whether the RFC number is to be used to cause
another SDO to accept the protocol, or for marketing purposes, is
irrelevant. Such behavior is what caused me to use the term "lie."

Steve