Peter:
The PKIX group includes in its charter protocols for certificate management,
including certificate request and delivery protocols. The current I-D starts to
address this but needs a lot more work. The idea is to support cert management
via on-line exchange, e-mail, or http. PEM would appear a likely candidate for
the basis of the e-mail protocol; MOSS would be another candidate. Perhaps it
is reasonable to allow either. If you could send in a description or pointers
as to exactly what you would like to see in the PKIX I-D, we could look into
incorporating this into the next I-D.
Note that this does not mean that the PKIX WG would be doing any support of PEM
per se. PKIX will simply reference the PEM RFCs as an underlying mechanism to
support cert management.
Warwick
In message "PEM standards status", peter(_at_)verisign(_dot_)com writes:
The IETF SAD has, I believe, acted to cease the activities of
the PEM WG, though its mailing list can live on to assist
MOSS and other related activities be implemented and deployed.
The basis was that PEM was dead, and MOSS had achieved RFC status
requiring no further WG member involvement in its furtherance.
A strange phenomenon is occurring: Web-centric PEM deployment in
a commercial application. A significant number of PEM messages are
flowing between Verisign and users of secure httpd servers for the
purposes of key management. Even more PKCS#10 formatted messages
are flowing, but the point is a select group of folk chose to adopt
PEM as their standard for key management message security as suggested
by the SSLREF package.
How do people feel about the status of the PEM RFCs? I assume no one
is acting to push them through IESG standards processes. Is it
acceptable IETF behaviour to simply use an RFC, and not pursue
standardization processes?
The developers need a home to discuss, advance etc. Would it be acceptable
to have this PEM-centric forum located in W3C, versus IETF? As IETF has
kind of "done with" PEM (with a certain amount of disillusionment
and its replacement with the totally revised MOSS),
could others take over its technical furtherance without causing any
inter-body acrimony?
Anyone have any opinions they would care to share?
************************************************************************
Warwick Ford, Bell-Northern Research E-mail: wford(_at_)bnr(_dot_)ca
PO Box 3511, Station C Tel: (613) 765-4924
Ottawa ON K1Y4H7 Canada Fax: (613) 765-3520