- From: Graham Klyne <GK@Ninebynine.org>
- Date: Sat, 09 Nov 2002 10:32:36 +0000
- To: Chris Newman <Chris.Newman@Sun.COM>
- Cc: discuss@apps.ietf.org
At 11:03 AM 11/8/02 -0800, Chris Newman wrote:
>While it would be entertaining to try a 4th attempt at application-level
>object security (preferably this time with more input from application
>experts and less from security purists), I think the odds of succeeding
>have decreased significantly since the last 3 attempts. If you really
>wanted to pursue this direction, here's what I think it would take to succeed:
>1) Really good open-source implementations with free-for-commercial use
>license, at least one in C and one in Java.
>2) Transition strategy from existing PKI systems that works and is
>included in 1.
>3) A really good spec, that includes good discussion about user interface
>requirements and how to deploy the system into an untrained average user
>community (likely involving automatic fetching of generated private keys
>over the Internet using TLS and a username/password pair).
>4) A major vendor or consortium backing the effort with enough clout to
>get the attention of the trade rags.

I'm trying to remember what your 3 object security mechanisms so far are (S/MIME, PGP, and ... PEM?, MOSS? ...)

Anyway, at risk of duplication, there is another object security framework on the blocks. I am thinking of the combination of XMLDSIG [1], XMLENC [2] and XKMS [3].

#g
--

[1] Eastlake, D., Reagle, J. and D. Solo, "XML-Signature Syntax and Processing", W3C Recommendation xmldsig-core, October 2000. http://www.w3.org/TR/xmldsig-core/

[2] Eastlake, D. and J. Reagle, "XML Encryption Syntax and Processing", W3C Candidate Recommendation xmlenc-core, August 2002. http://www.w3.org/TR/xmlenc-core/

[3] Ford, W., Hallam-Baker, P., Fox, B., Dillaway, B., LaMacchia, B., Epstein, J. and J. Lapp, "XML Key Management Specification (XKMS)", W3C Note xkms, March 2001. http://www.w3.org/TR/xkms/

-------------------
Graham Klyne
<GK@NineByNine.org>
Received on Saturday, 9 November 2002 06:36:04 UTC