ietf
[Top] [All Lists]

Wikipedia, was Target audience? (was Last Call Opportunistic Security: some protection most of the time to Informational RFC)

2014-08-06 04:10:49
On Mon 04/Aug/2014 20:11:34 +0200 Scott Kitterman wrote:
On Monday, August 04, 2014 17:52:52 Viktor Dukhovni wrote:
On Mon, Aug 04, 2014 at 10:08:36AM -0700, Dave Crocker wrote:
Looks to me like they are listed as key management methods.

Well, Wikipedia is not necessarily authoritative here.  We do have
the term "key agreement" available, and it should be noted that in
many cases (including many cases with TOFU) even when long term
keys are not necessarily strongly authenticated in addition to the
long-term (managed) keys, there are typically also per-session
ephemeral keys obtained via a suitable key agreement scheme.

We can spend a lot of time fine-tuning subtleties of wording that
only a few select initiates of the arts will appreciate.  It is
reasonably clear from the context of the draft that key management
is about authentication keys, most commonly in the form of PKIX
X.509 certificates. [...]

While the drafts intended audience is broad, the meaning of the
term key management is to be understood in context as the primary
barrier to universal adoption of authenticated active-attack
resistant protocols.  Thus the intended meaning is not so broad as
to include cases that are [not] barriers to said adoption.

It is hard to imagine an audience of non-specialists finding this
an issue to quibble over.  It is rather secondary.

Agreed. [...] Please leave it as is.

I agree too.  Although the failure to provide useful, precise
definitions is one of the above mentioned barriers, it is not this I-D
which is missing them. It is those Wikipedia's pages, mentioned
upthread, which are in fact tagged as lacking citations.

While application's fine print may refer to relevant RFCs, it is more
effective for GUIs to cite Wikipedia, possibly indirectly.  Viktor, and
all of us who are acknowledgeable on this subject, please consider
adding required citations and fine-tuning where it is needed.  It is
IETF's role to divulge this knowledge.

Ale

<Prev in Thread] Current Thread [Next in Thread>