----- Original Message -----
From: "Stephen Kent" <kent@xxxxxxx>
To: <ietf@xxxxxxxx>
Sent: Thursday, July 31, 2014 8:39 PM

> Tom,
>
> It's very difficult to write text that accurately conveys the intent,
> and yet is technically precise.
>
> For example, you wrote:
>
> "Without key management at an Internet scale, authentication is often
> not possible."
>
> *ephemeral DH exchange is a type of key management, and it works at
> Internet scale. So, what I think you meant to say, when paraphrasing
> Viktor (who made the same mistake in the I-D) is something like*
>
> "Authenticated key management at an Internet scale has yet to be achieved."
>
> *later the text says:*
>
> "Key management at Internet scale is an incompletely solved problem."
>
> *again, missing the necessary qualifier "authenticated" and later:*
>
> The PKIX ([RFC5280]) key management model introduces costs that not all
> peers are willing to bear and also cannot secure communications when
> either the reference identity *(not defined in the I-D)*
> of the peer is obtained indirectly over an insecure channel or the
> communicating parties cannot agree on a [root?] certification authority
> (CA).
>
> *This statement is inaccurate. If peers share a common, trusted CA, they
> can validate one another's certs, whether that CA is a trust anchor
> ("root CA") in the Web PKI sense or not.*
>
> *As you may surmise, I avoided reading Viktor's doc. I will do so now,
> and provide detailed comments during IETF LC, to address these and
> other issues.*

Steve

Thank you for the comments. I did not say, but my intent was to make Viktor's statements clearer, easier to comment on, so if he made a mistake, then my intention was to make the same mistake! So, yes, I would add a reference for reference identity, such as RFC6125, and my [ ?] was intended to convey that I thought that this needed changing, about CAs.

But on key management, I am not sure I agree with you. Yes, ECDHE is a part of key management, but I would not think of it on its own as being key management; or put differently, you either have key management or you do not, so 'authenticated key management' seems to me .. well, not real. I look in vain for it in RFC2401 or RFC2828.

Tom Petch

> Steve
>