[ietf-enroll] Re: [New-work] WG Review: Credential and Provisioning (enroll)
Pekka Nikander
pekka.nikander at nomadiclab.com
Fri Oct 31 06:21:18 EST 2003
Max,
I think we are approaching consensus. I am leaving out
less important parts of your message (which I agree with)
and focusing on what remains to be discussed.
> ... More interesting is when they are established via a
> two entity 'weak' authentication mechanism. How weak this is depends on
> how and when the mechanism was applied -- which is determined by
> policy. Thus we have a set of policy models that cover the different
> types of two way enrollment ("leap of faith", "imprint" etc).
> Either that or TTI needs to be expanded to cover the two entity weak
> authentication discussion in more detail (above I meant to type, "I
> would propose...").
I would propose that we charter two distinct models to be
produced: A process model which could easily be based on TTI,
and a policy (meta)-model that describes the security
considerations to be taken into account when using a
non-TTI, "weak" authentication method.
> It strikes me that policy models are hard to turn
> into protocols.
Well, it depends on the exact nature of the policy model.
Anyway, I don't think it is relevant to chartering. I do
believe that we need a policy (meta)model so that we
understand what we are speaking about.
--Pekka Nikander