"Hallam-Baker, Phillip" writes:
Again, I designed XKMS to allow enterprises to define their own trust
evaluations. One of the main considerations was how to support the Federal
Also, obtain buy-in from the principal stakeholders whose help is required
to achieve deployment.
That is why the answer is XKMS and not SCVP. SCVP does not have the public
support of any of the major stakeholders. I spent a lot of time and effort
getting buy-in from Microsoft and RSA before we announced XKMS. I worked
with Entrust and Baltimore so that we could produce a specification that
they could also support.
Contrast this to what the IETF mechanism achieves, OK everyone can say what
they like. But at the end of the day you do not have the support of a major
software vendor, just the individuals in the working group.
Leaving aside who supports what and why, don't understand the
implied conflict between xkms and scvp. They seem to do two
different things -- I want to find a cert for helm(_at_)fionn(_dot_)es(_dot_)net
to send email to that entity; I have a cert from
helm(_at_)fionn(_dot_)es(_dot_)net --
what is it good for? I didn't think SCVP would help much with
the first, and I clearly don't see what XKMS would do with the
second question. Would like a better understanding of this.
Thanks, ==mwh
Michael Helm
ESnet