(introduction) Re: [ietf-enroll] Charter

Trevor Freeman trevorf at windows.microsoft.com
Tue May 20 13:39:05 EDT 2003


Yes, there are a number of X.509 enrolment protocols (which is a problem
in itself but let's not go there just yet!!!) which are transport
independent so we can pick one or more later. We don't need to reinvent
any semantics around how to make the certificate request. We do need to
generate the need for the request. The critical piece here is we need a
framework where we can negotiate what to do. Having decided on a course
of action, where possible we want to reuse existing protocols because
there is existing work and code we want to leverage.

-----Original Message-----
From: ietf-enroll-bounces at mit.edu [mailto:ietf-enroll-bounces at mit.edu]
On Behalf Of Max Pritikin
Sent: Monday, May 19, 2003 12:41 PM
To: Alper Yegin
Cc: jimsch at exmsft.com; IETF-Enroll
Subject: Re: (introduction) Re: [ietf-enroll] Charter

One of the primary requirements for CMC, CMP, and XKMS seems to be
transport independence. So likely any of them.

Although I feel that the enrollment doesn't need to go over the same
transport as the introduction (pre-enrollment exchange of provisioning
and credential information). In fact I rather expect that it is better
for the enrollment to go over an independent transport. This to better
handle the likely scenarios where introduction is handled through 3rd
party provisioning services, hardware tokens, store & forward
mechanisms, etc that don't have the appropriate realtime behavior for
the actual enrollment mechanisms. (At least not if you want said
enrollment to occur without user assistance). 

	- max

On Mon, 2003-05-19 at 11:47, Alper Yegin wrote:
> Hello,
> 
> > What we don't have is a universal provisioning framework which
> > covers a
> > variety of credential types. That said since the existing enrolment
> > protocols are transport independent, once a decision is made to for
> > example to enrol for a certificate, that we could use an existing
> > mechanism to do so.
> 
> Which protocols are you referring to as "existing enrollment
> protocols"?
> 
> Thanks.
> 
> Alper
> 
> 

_______________________________________________
ietf-enroll mailing list
ietf-enroll at mit.edu
https://mailman.mit.edu/mailman/listinfo/ietf-enroll


