Jos Purvis (jopurvis) via dev-security-policy <[email protected]> writes:
>One possibility would be to look at the Trust Anchor Management Protocol >(TAMP - RFC5934). Note that TAMP is one of PKIX' many, many gedanken experiments that were created with little, most likely no, real-world evaluation before it was declared ready. It may or may not actually work, and may or may not (and looking at its incredible complexity and flexbility, almost certainly "may not") interoperate with any other implementation that turns up. So you'd need to write a second spec which is a profile of TAMP that nails down what's expected by an implementation, and then run interop tests to see whether it works at all. (In case you're wondering why the CMP protocol, another PKIX cert management protocol that in theory already does what TAMP does, starts at version 2, it's because when attempts were made to deploy the initial spec it was found that it didn't work, so they had to create a "version 2" that tried to patch up the published standard. Even then, try finding two CMP implementations that can interop out of the box...). Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
