[Top] [All Lists]

Re: [smime] [pkix] stuff in ITU-T SG17 meeting relating to X509, cms, and S/MME

2014-09-22 13:38:37
Sorry for my delay in response, I was in Geneva at the ITU-T for the first
part of last week (to present on IETF security on a multi-SDO panel), then
on vacation.  I have a fair bit of experience with the ITU-T, so here is my
take on it as well as some possible next steps.

On Wed, Sep 17, 2014 at 2:56 PM, Stephen Farrell 

Thanks Tony,

I've a question.

To sample this, I opened one of the files in the attachment
(TD1275) which seems to both reproduce a lot of CMS RFC text
and to extend that without (I guess?) having asked anyone who
implements CMS. If that is the case, that'd seem really dumb.
I don't recall any relevant liaison nor have I heard of such
work being wanted.

Here is my take (from experience) and we may need some help early this week
to identify possible issues.

1. We may want to take a look through all of the materials to see where
text is from an RFC (where we have copyright) as a first step.

There is a push within the ITU-T from several nations to only have the
ITU-T reference other SDO's materials and ensure that work is not
duplicated in multiple SDOs.  It should be easy enough to get support to
have text removed and replaced with a reference to any of the IETF RFCs.
The ITU-T leadership stated an interest in better cooperation between SDOs,
so hopefully this will be easier to address than in the past.

2. *IF* there is a standard that the IETF manages that has proposed changes
within these ITU-T documents, we should identify them and understand the
implications of such changes happening elsewhere.  If there are issues
along these lines, then we have a few options, on is that we can work with
heads of delegation (nations) prior to the ITU-T plenary for SG 17 at the
end of this week.   Essentially, we'll have to work to get the changes into
the IETF instead (this is simply stated, there is process behind all of
this that I am familiar with fortunately/unfortunately)).

3. If the ITU-T decides to update something they manage, it's good to know
that is happening and is within their right.  The IETF could decide to use
it if the work makes sense and update any of our standards for which we
wish to use the new version (X.509 for instance) or continue to reference
the current version if the changes don't make sense.

Do we have some volunteers to comb through the materials?


My question is: am I being unfair in the above or are the
authors of that actually in touch with folks who implement

Other folks - if you care about ITU-T work that could overlap
with IETF work or with your code, you might want to take a
look here. (Or decide to just ignore the whole thing as
irrelevant enough to be harmless I guess.)


On 17/09/14 18:05, Tony Rutkowski wrote:
For those interested in what is occurring over the
next few days in Geneva related to these subjects
in the all but extinct ITU-T group, the relevant
documents are pulled together here.  The "challenges"
material tends to be used to justify new work in
the group.  It's worth being aware of.  An operative
question is whether anyone cares.

Approval     Certified Mail Transport and Certified Post Office Protocol
TD 1259
Approval     Current and new challenges for public key infrastructure
standardization within ITU-T     TD 1179
NWI     Proposal for including whitelist support in Rec. ITU-T X.509 |
ISO/IEC 9594-8     C 268
NWI     Proposal for new ITU-T | ISO/IEC JTC 1 joint work item for OID
based device identifier for the Internet of Things     C 239
NWI     Proposal for including relevant cryptographic algorithm
information into Annex B of Rec. ITU-T X.509 | ISO/IEC 9594-8.     C 230
NWI     Proposal for additional restructuring and updates of Rec. ITU-T
X.509 | ISO/IEC 9594-8     C 269


pkix mailing list

pkix mailing list


Best regards,
smime mailing list