On 10/10/2011 08:41 PM, Stephen Kent wrote:
As the co-chair of PKIX, which has two standards for cert management
(CMC and CMP), for exactly the bad reasons I cite above, I am intimately
familiar with this sort of problem. I failed, in my role as PKIX
co-chair, to prevent this in that WG. Let's not repeat that sort of
mistake here.
As one of the more minor perpetrators of that CMP/CMC travesty,
I completely agree with Steve that the PKIX WG (and not just nor
even mainly the chairs) failed in this respect due to what some
of the then major players perceived as being in their commercial
interests.
We've all, including all the main CMP/CMC proponents afaik, been
regretting that outcome for over a decade at this stage and continue
to find the situation problematic. (What's the relevant plural
for mea cupla I wonder? ;-)
While I've not yet read the document in the subject line, the
CMP/CMC experience makes me at least generally opposed to
standardising two ways of doing the same thing.
S.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf