From: Dave Crocker [mailto:dhc(_at_)dcrocker(_dot_)net]
1. One problem is that two is usually not enough to text the
of a mechanism. Folklore says 3, but I suspect there is an
entertaining bit of
philosophical discussion about testing that one might have.
I did designs for XKMS, SAML, PKIX using PKIXREP, LDAP and SCVP. I also
looked at the PGP key server.
I find it considerably easier to think in terms of concrete problems
such as how to integrate with X.509 certs than to constrain thinking to
an artificial frame determined by the narrow objectives of one group.
If you think about the issues involved in integrating X.509 the reason
for needing a signature role attribute become clear.
So it strikes me that the argument in favor of testing the
mechanism has real merit, but is not likely to recruit enough
on that merit, to provide meaningful data.
The community is not being asked for effort, it is being asked to take
notice of the effort others have already taken.