Dear Hao: I was pleased to hear your analysis of areas where mutual crypto binding may be tricky to deploy because I would like to accurately describe this problem space. I believe the draft covers most of the points you raise but I will definitely incorporate your feedback.
I was a bit frustrated though that you proposed simply focusing on certificate validation without responding to the concerns that the draft raises in that area because I put a fair bit of time into analyzing that problem space and I was hoping to try and explain that there are no easy answers. I hear that you are concerned about the complexity of EMSK-based cryptographic binding; I'm guessing you'd like to make rapid progress on your draft. However I'm concerned when I think we may be discarding an option like EMSK-based cryptographic binding in favor of an option that we believe doesn't cover a number of deployments that we've decided in our requirements analysis are important to us. I think both of our options have merit. Would you be willing to get together with me and Dacheng before the EMU meeting to work on a design for EMSK-based cryptographic binding in your method and to work on understanding what's required to get the most out of certificate binding? I'd like to have a well-informed discussion about the complexity of EMSK-based cryptographic binding, the discussion of complexity of certificate validation and the environments where they can both function. I'd appreciate your help in getting to that point! I'd also be interested in working with anyone else on this problem. Currently I'm available Monday morning, Monday during lunch, Monday during the first afternoon session. It also looks like I have a fair bit of availability Tuesday. _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
