The IETF SAD has, I believe, acted to cease the activities of
the PEM WG, though its mailing list can live on to assist
MOSS and other related activites be implemented and deployed.
the basis was that PEM was dead, and MOSS had achieved RFC status
requiring no further WG member involvement in its furtherance.
A strange phenomenon is occuring: Web-centric PEM deployment in
a commercial application. A significant number of PEM messages are
flowing between Verisign and users of secure httpd servers for the
purposes of key management. Even more PKCS#10 formatted messages
are flowing, but the point is a select group of folk chose to adopt
PEM as their standard for key management message security as suggested
by the SSLREF package.
How do people feel about the status of the PEM RFCs. I assume noone
is acting to push them through IESG standards processes. Is it
acceptable IETF behaviour to simply use an RFC, and not pursue
standardization processes?
The developers need a home to discuss, advance etc. Would it be acceptable
to have this PEM-centric forum located in W3C, versus IETF? AS IETF has
kind of "done with" PEM (with a certain amount of disillusionment
and its replacement with the totally revised MOSS),
could others take over its technical furtherance without causing any
inter-body acrimony?
Anyone have any opinions they would care to share?