[ietf-enroll] Re: [New-work] WG Review: Credential and Provisioning (enroll)
Max Pritikin
pritikin at cisco.com
Mon Nov 3 12:14:32 EST 2003
It sounds like we have general agreement on direction and what needs to
be done. I'm ok with modifying the charter document to reflect this.
I'd like to hear some feedback from other people on the list. Does all
this sound reasonable? In terms of process I'm not sure who should
modify the charter and when is an acceptable time to do so.
It is unfortunate that you will not be able to attend the enroll BOF.
Hopefully we'll be able to hook up at another point during the week.
- Max
On Fri, 2003-10-31 at 03:21, Pekka Nikander wrote:
> Max,
>
> I think we are approaching consensus. I am leaving out
> less important parts of your message (which I agree with)
> and focusing on what remains to be discussed.
>
> > ... More interesting is when they are established via a
> > two entity 'weak' authentication mechanism. How weak this is depends on
> > how and when the mechanisms was applied -- which is determined by
> > policy. Thus we have a set of policy models that cover the different
> > types of two way enrollment ("leap of faith", "imprint" etc).
>
> > Either that or TTI needs to be expanded to cover the two entity weak
> > authentication discussion in more detail (above I meant to type, "I
> > would propose...").
>
> I would propose that we charter two distinct models to be
> produced: A process model which could easily be based on TTI,
> and a policy (meta)-model that describes the security
> considerations to be taken into account when using a
> non-TTI, "weak" authentication method.
>
> > It strikes me that policy models are hard to turn
> > into protocols.
>
> Well, it depends on the exact nature of the policy model.
> Anyway, I don't think it is relevant to chartering. I do
> believe that we need a policy (meta)model so that we
> understand what we are speaking about.
>
> --Pekka Nikander
>
>
More information about the ietf-enroll
mailing list