[ietf-enroll] Future of this WG
Thierry Moreau
thierry.moreau at connotech.com
Tue Jun 28 11:19:27 EDT 2005
Randy Turner wrote:
>
> Hi Thierry and group,
>
> I think the solution space for my trusted device issues I spoke of
> earlier can fit within your constrained charter
> and requirements. I think you did a pretty good job of trimming the fat
> regarding where the real problem is.
>
> I think it's going to be difficult to rationalize some of what would be
> a resulting "enroll" solution without calling attention
> to particular business models that we are trying to address.
If the standardization effort puts emphasis on business models
rationales, the work might end-up attempting to provide (more or less
definitive) "risk analyses" that justifies e.g. the use of enrollment
procedure A versus procedure B.
I suggest some abstraction that links procedure A and B to some of
security services/levels and procedural hindrance elements. The
consideration of business models should be limited to exclude e.g.
procedure C on the ground that is is empirically not practical (e.g. US
patent 6,651,166, "Sender driven certification enrollment system" is not
practical because the lack of effective anti-phising countermeasures).
Hope it helps, and best regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com
More information about the ietf-enroll
mailing list