From: Jim Fenton [mailto:fenton(_at_)cisco(_dot_)com]
The interface to X509 is almost entirely constrained.
You are pre-judging this issue according to your own
prejudices here. I
note that in the MARID effort you argued strenuously to keep
reputation
mechanisms out of scope then introduced one to the group yourself.
What happened in MARID is a moot point. Are you concerned that this
will happen again?
I am concerned that there will be the same attempt to railroad a
proposal.
I consider people's recent behavior to be very relevant.
Phill, can you clarify: are you advocating the addition of
interfaces
to accreditation mechanisms, reputation systems, or both?
I am proposing merely to add an interface to allow a key record to
contain a statement that there is an X.509 certificate associated with
the key.
That is an entirely constrained and straightforward work item
If we need focus why on earth are we considering the idea of
communicating authentication results to downstream? That is an entirely
new design problem and a very complex one that has significant trust
implications.
1. Continue with the charter as currently written, and amend it at a
later time to bring in additonal scope.
2. Amend the charter to add additional scope.
3. Create a separate group to address the
accreditation/reputation problem.
I do not want to work on the accreditation/reputation problem. All I
want to do here is to allow someone who has a key to advertise the
existence of additional information defined using the existing
accreditation mechanism.