My recent questions and comments were for discussion; they sought not to
hinder the operational deployment of PEM UAs. So I always limit my
comments, when contributing to this list.
We have to get PEM beyond a perennial problem suffered by all "security
products" - derived from the years of certification testing: that,
design statements must counter objections and flaw analyses from
all-comers.
Unlike a local programme of security activity here, PEM UAs are, or
ought to be, at an advanced stage of pre-deployment; I would urge the
20 or so developing sites to now begin to perform open beta and user
piloting of the services.
Everyone seems to be waiting for everyone else to act, or the DARPA
lead project to pronounce. This is not the American R&D groups I know
from their sterling ISODE participation. Take a leaf out of the ISODE
organization handbook; have the design and beta-bug rows in private,
but let the actual support process of user trials be public.
PEM makes some large design assumptions in relation to the management
of personal security credentials and their revocation. It advocates
specific policies which many do not believe will scale or offer global
connectivity at the required level of service. Others believe that
once you communicate with parties beyond a high-assurance CA, you can
have no confidence of anything as domains neither monitor nor enforce
inter-domain minimum operational assurance requirements.
But rather than stalling the whole process with such analyses, can we
not just try it out?
If PEM fails to match its competition in the open market, then it
has to die like lots of IETF RFCs before it. It's quite a normal
event. If Users love PEM in practice despite its (alleged) faults, then it
will have made a solid step forward, and we can all work on the sequel: PEM-II.
Who will take the first step, and give this volunteer site (UCL-CS) a PEM-UA
to play with? To solve any export problems, we will handle all the CA and key
parts for initial piloting purposes.
Peter.