Unfortunately, PKIX part 3, which specifies how to do these actions, is
still not around, and I suspect it is many months off due to political
hassles in the PKIX WG. The CMP/CRS/CRMF debates seem like so much
posturing, given that all parties agree that the other parties have no or
few technical problems.
I sincerely hope that this assessment turns out to be pessimistic.
Me too! I thought we had made progress at the DC meeting and came away
hopeful.
I have much less now.
We (with PKIX hat on here) are working seriously to produce a harmonized
Certificate Request Message Format (CRMF) document and a companion
Certificate Management Message Formats (CMMF) document which will
enable all current CMP and CRS functionality using a common set of PKI
messages.
This is the first I've heard of CMMF, and I talked to many of the document
authors last week. I was told by three different people the best we would get
soon was a standardized certificate request without a standardized response.
You can imagine the tone of my laugh when I heard that.
We had set an internal deadline of Dec 31 to have a proposal ready
for presentation to the full PKIX WG, and obviously failed to meet
that target. I do still have hope that the proposal (CRMF, CMMF and
CMP) will be ready for last call within a matter of weeks, not months.
The CMS-based protection framework should follow sometime thereafter.
This leaves us with three choices:
- mandating the non-CMS framework
- waiting for the CMS framework
- choosing not to do PKI at all
I've been advocating the third one both because I don't believe we'll see
something soon, and because I believe we don't need to specify the PKI in
S/MIME. It's orthogonal to end-to-end secure messaging.
--Paul Hoffman, Director
--Internet Mail Consortium