Hi Sam,
--
On Fri, May 22, 2015 at 3:01 PM, Sam Hartman <hartmans-ietf@xxxxxxx> wrote:
I'd like toh second Phil's concerns here.
A proliferation of security standards, even when there are levels of
interoperability between them, is problematic for interoperability.
The folks proposing JOSE were required to make a very strong
justification about why we needed something JSON based in addition to
our existing security standards.
I believe they did that.
However, I don't think the constrained devices area has made a
justification explaining why
1) They need something different
2) They don't need interoperability with the rest of the world.
Even if constrained devices could benefit from a different encoding, if
they need interoperability, we still run into problems. In the
discussions leading to DICE ACE, and COAP, arguments were made that there
would be proxies between the rest of the world and the constrained
network, so it was acceptable that we used different protocols.Th
These arguments basically don't apply to object signing and encryption.
In Dallas as well as on the COSE list, the WG has built a case for the work specific to constrained devices first for me and then again for Stephen. Here is the link to the discussion with Stephen. Please let me know if this addresses your concerns:
You can probably get most of what you are looking to see in Stephen's DISCUSS up to this point in the thread (plus previous messages). Subsequent messages hit on crypto and wording for the charter to not create anything new in this WG.
Sorry for my delay in response. I spoke at LACNIC last week and it took a hit on my schedule. It's an important group to support, so it's worth it.
Thanks,
Kathleen
Based on the charter, this working group sounds like a really bad idea,
flying in the face of interoperability and the IETF's mission.
I do not support chartering this work.
Best regards,
Kathleen