On 10/10/2011 08:41 PM, Stephen Kent wrote:
As the co-chair of PKIX, which has two standards for cert management (CMC and CMP), for exactly the bad reasons I cite above, I am intimately familiar with this sort of problem. I failed, in my role as PKIX co-chair, to prevent this in that WG. Let's not repeat that sort of mistake here.
As one of the more minor perpetrators of that CMP/CMC travesty, I completely agree with Steve that the PKIX WG (and not just nor even mainly the chairs) failed in this respect due to what some of the then major players perceived as being in their commercial interests. We've all, including all the main CMP/CMC proponents afaik, been regretting that outcome for over a decade at this stage and continue to find the situation problematic. (What's the relevant plural for mea cupla I wonder? ;-) While I've not yet read the document in the subject line, the CMP/CMC experience makes me at least generally opposed to standardising two ways of doing the same thing. S. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf