Message info
 
To: Anders Rundgren
From: Stefan Santesson
Subject: Re: [pkix] Agenda requests for Paris
Date: Sun, 18 Mar 2012 16:43:36 +0100
 

Anders,

Do you have an A shaped teflon non-stick desk at your office?
I think it would suit you quite well.

/Stefan

On 12-03-18 4:30 PM, "Anders Rundgren" <anders.rundgren@telia.com> wrote:

>On 2012-03-18 12:15, Yoav Nir wrote:
>> Anders,
>>
>> IMO "relevant" is whatever the group decides is relevant as long as the
>> IESG agrees. If you want the working group to do something, such as mobile
>> devices with embedded credentials, you should propose this to the group.
>
>Once upon a time there was a single enterprise OS standard; it was called
>Windows.
>Each vendor could easily create s.c. "Windows-compatible" solutions by a bunch
>of proprietary DLLs and EXEs.
>
>These days are gone. Now customers are facing a multitude of mobile devices
>with quite different software distribution and security models.
>
>Currently I'm struggling with a mobile PKI + FW using Cisco's ASA + AnyConnect.
>The absence of useful enrollment/setup standards in this space forces you into
>"rooted" phones, quirky user-interfaces, least common denominator functionality,
>and extended deployment times.
>
>Unless something in the process (and attitude) changes, I remain convinced that
>PKIX should stick to the PKI core and leave applications like EST aside.
>
>Anders
>
>>
>> A few years ago I had a proposal to IPsecME but couldn't attend. I
>>asked someone else who *was* attending to present it for me. I prepared
>>the slides and everything, and listened to the audio stream. While there
>>is work being done (see the vmeet list) that may allow people to present
>>remotely, results so far have been a mixed bag. Surely you can go to
>>https://www.ietf.org/registration/ietf83/attendance.py , and find one of
>>the 1347 people listed there (as of right now) who might be interested
>>enough to present slides that you would prepare for him or her.
>>
>> I don't think a time slot reserved for "discussion of the fact that
>>mobile devices with embedded credentials will most likely constitute
>>the bulk of the client-side of PKI" will do much without a draft, a
>>presentation, or at the very least, someone to lead the discussion.
>>
>> Yoav
>>
>> -----Original Message-----
>> From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of Anders Rundgren
>> Sent: 18 March 2012 11:38
>> To: Stefan Santesson
>> Cc: pkix@ietf.org
>> Subject: Re: [pkix] Agenda requests for Paris
>>
>> On 2012-03-18 01:45, Stefan Santesson wrote:
>>> Anders,
>>>
>>> You are missing the point.
>>
>> Not really, I'm just looking at things from a different angle.
>>
>> IMHO, "relevance" has become an overarching issue for SDOs due to the
>>fact that the IT-landscape has changed tremendously the last ten years:
>>
>> - Continuously shorter product cycles
>> - Vendors that single-handedly define complete and globally operating
>>ecosystems, from devices to services
>> - Open source as a means to reduce costs and improve interoperability
>>
>> Since "my" issue (affecting billions of other humans) obviously is not
>>of any interest to you or Steve, PKIX's future probably is about
>>managing the PKI core documents (Certificates, CRL and OCSP).
>>
>> That said, new efforts in the more application-oriented part of the PKI
>>universe, like the recent EST work-item, seem much less likely to pan
>>out since these require alien elements like strategy, marketing, and gap
>>analysis.
>>
>> OTOH, deployment given the current SCVP/OCSP discussions doesn't seem
>>to be a major issue. In my world deployment and relevance are
>>synonymous.
>> Yes, I know this is a minority view :-)
>>
>> Anders
>>
>>>
>>> You are free to discuss any issues that are related to the charter of
>>> this WG.
>>> If you want to discuss things with other IETFers, it is a great
>>> opportunity to come to the conference and talk to people.
>>>
>>> Just don't expect people to spend time discussing your issues at the
>>> meeting unless you are prepared to come and ask for a timeslot.
>>>
>>> /Stefan
>>>
>>>
>>>
>>> On 12-03-17 2:09 PM, "Anders Rundgren" <anders.rundgren@telia.com> wrote:
>>>
>>>> On 2012-03-17 13:32, Stefan Santesson wrote:
>>>>> Anders,
>>>>>
>>>>> It does not work that way, no matter how interesting your issue
>>>>> might be.
>>>>
>>>> You mean that IETF statutes don't permit discussing possible future
>>>> work-items without a proposer actually being physically present?
>>>>
>>>> Anyway, your colleague in the Swedish EID2-project, Leif Johansson,
>>>> indeed mentioned the very same issue "as highly problematic" in a
>>>> panel session in the IDTrust/NSTIC event that we both attended this
>>>> week in Washington DC.
>>>>
>>>> Somewhat related: From what I can see the rationale for EST hasn't
>>>> been discussed at all on this list. I don't think even Cisco in the
>>>> end will support EST since it doesn't add functional improvements.
>>>> Even the target "Simple PKI client" seems to be left to the reader to
>>>> guess what it could possibly be. Do YOU know?
>>>>
>>>> Anders
>>>>
>>>>>
>>>>> If you want to raise an issue at the meeting, then you need to ask
>>>>> for a slot and show up at the meeting.
>>>>> If you can't be bothered, convince someone that will be present to
>>>>> do it for you.
>>>>>
>>>>> If you can't do that even, then discuss it on the list.
>>>>>
>>>>> /Stefan
>>>>>
>>>>> On 12-03-17 9:56 AM, "Anders Rundgren" <anders.rundgren@telia.com>
>>>>> wrote:
>>>>>
>>>>>> Stefan,
>>>>>> I will unfortunately not be able to attend.
>>>>>>
>>>>>> May I suggest that the crowd spends some 10 minutes on discussing
>>>>>> how PKIX intends to deal with the fact that mobile devices with
>>>>>> embedded credentials will most likely constitute the bulk of the
>>>>>> client-side of PKI?
>>>>>>
>>>>>> Even the US government have realized (it took some time...) that
>>>>>> "Derived Credentials" is probably a better solution than "putting
>>>>>> PIV on a string":
>>>>>>
>>>>>>
>>>>>> http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2012-02/feb1_nist-800-63-1_overview_enewton.pdf
>>>>>>
>>>>>> It is (at least to me) obvious that ambitious efforts such as
>>>>>> President Obama's NSTIC program won't go particularly far without
>>>>>> having secure, convenient, and interoperable enrollment solutions.
>>>>>>
>>>>>> However, then we enter the minefield known as "Token Provisioning"
>>>>>> which currently only is covered by proprietary solutions like the
>>>>>> Google Wallet.
>>>>>>
>>>>>> Giving in to Google may though be the best for the market since a
>>>>>> leading vendor can (as Microsoft did in the past) indirectly
>>>>>> enforce the necessary "compliance" on the other parties.
>>>>>>
>>>>>> The opportunity for a standard addressing 5-10 BILLION of connected
>>>>>> devices won't exist 3 years from now, at least if we are talking
>>>>>> about a *used* ditto.
>>>>>>
>>>>>> If you are the daring type you might even perform a straw poll on
>>>>>> the topic :-)
>>>>>>
>>>>>> Anders
>>
>


_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix