[ietf-enroll] Re: [New-work] WG Review: Credential and Provisioning (enroll)

Pekka Nikander pekka.nikander at nomadiclab.com
Fri Oct 31 06:21:18 EST 2003


Max,

I think we are approaching consensus.  I am leaving out
less important parts of your message (which I agree with)
and focusing on what remains to be discussed.

> ...             More interesting is when they are established via a
> two entity 'weak' authentication mechanism. How weak this is depends on
> how and when the mechanism was applied -- which is determined by
> policy. Thus we have a set of policy models that cover the different
> types of two way enrollment ("leap of faith", "imprint" etc). 

> Either that or TTI needs to be expanded to cover the two entity weak
> authentication discussion in more detail (above I meant to type, "I
> would propose..."). 

I would propose that we charter two distinct models to be
produced:  A process model which could easily be based on TTI,
and a policy (meta)-model that describes the security
considerations to be taken into account when using a
non-TTI, "weak" authentication method.

> It strikes me that policy models are hard to turn
> into protocols.

Well, it depends on the exact nature of the policy model.
Anyway, I don't think it is relevant to chartering.  I do
believe that we need a policy (meta)model so that we
understand what we are speaking about.

--Pekka Nikander




