On Mon 04/Aug/2014 20:11:34 +0200 Scott Kitterman wrote: > On Monday, August 04, 2014 17:52:52 Viktor Dukhovni wrote: >> On Mon, Aug 04, 2014 at 10:08:36AM -0700, Dave Crocker wrote: >>> Looks to me like they are listed as key management methods. >> >> Well, Wikipedia is not necessarily authoritative here. We do have >> the term "key agreement" available, and it should be noted that in >> many cases (including many cases with TOFU) even when long term >> keys are not necessarily strongly authenticated in addition to the >> long-term (managed) keys, there are typically also per-session >> ephemeral keys obtained via a suitable key agreement scheme. >> >> We can spend a lot of time fine-tuning subtleties of wording that >> only a few select initiates of the arts will appreciate. It is >> reasonably clear from the context of the draft that key management >> is about authentication keys, most commonly in the form of PKIX >> X.509 certificates. [...] >> >> While the drafts intended audience is broad, the meaning of the >> term key management is to be understood in context as the primary >> barrier to universal adoption of authenticated active-attack >> resistant protocols. Thus the intended meaning is not so broad as >> to include cases that are [not] barriers to said adoption. >> >> It is hard to imagine an audience of non-specialists finding this >> an issue to quibble over. It is rather secondary. > > Agreed. [...] Please leave it as is. I agree too. Although the failure to provide useful, precise definitions is one of the above mentioned barriers, it is not this I-D which is missing them. It is those Wikipedia's pages, mentioned upthread, which are in fact tagged as lacking citations. While application's fine print may refer to relevant RFCs, it is more effective for GUIs to cite Wikipedia, possibly indirectly. Viktor, and all of us who are acknowledgeable on this subject, please consider adding required citations and fine-tuning where it is needed. It is IETF's role to divulge this knowledge. Ale