The IETF SAD has, I believe, acted to cease the activities of
the PEM WG, though its mailing list can live on to assist
MOSS and other related activites be implemented and deployed.
the basis was that PEM was dead, and MOSS had achieved RFC status
requiring no further WG member involvement in its furtherance.
First of all, your understanding of the process is somewhat off the mark. WGs
are chartered to perform a specific task or set of tasks. These tasks can
include production of informational, experimental, or standards-track RFCs.
Once the task at hand is complete, the WG shuts down. If there's a need to
begin work on a new task a new WG is formed. Old WGs working on new tasks is
frowned upon. This is especially the case for very long-lived WGs, and PEM is
one of the longest, if not the longest, on record.
The WG can be reactivated if there's a need for it to take further action on
any items it has produced. For example, when a document needs to move from
proposed to draft and some issues are found that require attention, the area
director, acting in conjunction with the IESG, has the option of reactivating
the group to deal with these issues. The area director also has the option of
not reactivating the WG.
A strange phenomenon is occuring: Web-centric PEM deployment in
a commercial application. A significant number of PEM messages are
flowing between Verisign and users of secure httpd servers for the
purposes of key management. Even more PKCS#10 formatted messages
are flowing, but the point is a select group of folk chose to adopt
PEM as their standard for key management message security as suggested
by the SSLREF package.
How do people feel about the status of the PEM RFCs. I assume noone
is acting to push them through IESG standards processes. Is it
acceptable IETF behaviour to simply use an RFC, and not pursue
standardization processes?
Documents cannot stay at proposed forever. They either have to move forward in
the process or get reassigned to a non-standards-track status. The norm is for
document that have fallen off the track to move to historic, although a move to
experimental or informational is possible.
The developers need a home to discuss, advance etc. Would it be acceptable
to have this PEM-centric forum located in W3C, versus IETF? AS IETF has
kind of "done with" PEM (with a certain amount of disillusionment
and its replacement with the totally revised MOSS),
could others take over its technical furtherance without causing any
inter-body acrimony?
First of all, a disclaimer -- this particular political area is not my
baliwick. My understanding of it is pretty limited, based mostly on stuff I've
heard second-hand from other sources.
What I do know is that the issue of W3C doing standards development is a
broader one than whether or not PEM could be or should be shifted there for
further work. I don't know whether or not the W3C wants to do standards work. I
do know that there have been statements to the effect that they don't do
standards, and I also know that there are activities that would seem to
contradict these statements.
However, assuming for the moment that there is no intrinsic problem with the
move (admittedly a huge assumption), my concern would be that PEM will end up
in the situation S/MIME is in right now -- with a number of serious and major
technical flaws outstanding and no indication of if or when or how they will
ever be addressed. This is especially crucial when security and
interoperability issues are involved, as they are with S/MIME.
Ned