[Plants] Re: Scope and charter

"Kampanakis, Panos" <kpanos@amazon.com> Thu, 21 August 2025 17:01 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: David Benjamin <davidben@chromium.org>
Date: Thu, 21 Aug 2025 17:01:46 +0000
CC: "plants@ietf.org" <plants@ietf.org>
Subject: [Plants] Re: Scope and charter
List-Id: "PKI, Logs, And Tree Signatures" <plants.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/plants/5wp7GRxzrC9ATT1CMts3Ms00vR4>

By state of the webPKI, I meant CRLs, CRLite, cached OCSP (if it was ever used), SCT signers, trust anchors or abridged certs, MTC co-signers, or MTC landmark checkpoints. Browsers and similar apps make a lot of calls to their backend where they can do all of these things, but some of the applications I am talking about have just the OS, the SDK and whatever app code the user has written on top.

Let me show why I am sticking to the specifics of the solution and what it is for as laid out in the charter by asking a question: A draft defining TimestampedCertificateEntryDataV3 which compresses the contents of an ML-DSA TBSCertificate would address one of the main issues MTC is aiming to address. Would it fall in the PLANTS charter?

From: David Benjamin <davidben@chromium.org>
Sent: Thursday, August 21, 2025 11:48 AM
To: Kampanakis, Panos <kpanos@amazon.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>; Wendy Brown - QT3LB-C <wendy.brown@gsa.gov>; Thom Wiggers <thom@thomwiggers.nl>; Michael Richardson <mcr+ietf@sandelman.ca>; plants@ietf.org
Subject: RE: [EXTERNAL] [Plants] Re: Scope and charter


On Thu, Aug 21, 2025 at 10:39 AM Kampanakis, Panos <kpanos@amazon.com> wrote:
>> Not sure, but I can live with the above FWIW - I'm sure if we do something that causes breakage, we'll hear about that;-)
>
> I would go further than email uses of TLS. Basically, any place where you cannot stand up and operate an always-on CT type of service or places that work over a browser along with other non-browser non-constantly updating clients. There are many of those.
>
> It would be nice for the charter to document this clearly beyond just saying that it will focus on the web and other PKIs are nice to have. Maybe it would be beneficial to define WebPKI. For example, https://cloud.google.com/sdk clients connect to TLS servers using WebPKI certs but they are not exactly the web. These clients don't fetch and show what we know as web content and they don't maintain the "state of WebPKI" like a browser does. Are these the web?

I'm not sure what you're referring to. The word "web" does not appear at all in the draft charter. I don't believe it has appeared in any version of that text.
https://github.com/davidben/merkle-tree-certs/blob/main/charter-ietf-plants.md

With quite a lot of experience on browser PKI concerns, I also do not know what it means to 'maintain the "state of WebPKI" like a browser does'. Are you referring to the list of trust anchors? That's not specific to web browsers. That's a fundamental part of configuring X.509. If you're referring to the extra state needed for signatureless optimization, that hasn't been required in any version of MTC. In the first version, the whole scheme was meant to be paired with a fallback. In the current version, the fallback is integrated (two views of the same log entry). Even within the web browser use case, we cannot assume every client is up-to-date, so this would always have been necessary.

I think this confusion shows the dangers of trying to prescribe this level of detail in a charter. We end up working off of our own internal assumptions about what the design is, finding something we want to change or not change, and then reversing that back into abstract charter-level guidance. We'll inevitably talk in circles doing that, because we're not really talking about the same thing.

Let's get the charter-level things down, and then we can all get on the same page with something concrete and discuss.

David

-----Original Message-----
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sent: Thursday, August 21, 2025 10:22 AM
To: David Benjamin <davidben@chromium.org>; Wendy Brown - QT3LB-C <wendy.brown@gsa.gov>
Cc: Thom Wiggers <thom@thomwiggers.nl>; Michael Richardson <mcr+ietf@sandelman.ca>; plants@ietf.org
Subject: [EXTERNAL] [Plants] Re: Scope and charter


Hiya,

On 21/08/2025 13:38, David Benjamin wrote:
> The charter already has this sentence, that was meant to capture this:
>
> "The Working Group may consider how these mechanisms may apply to
> other PKIs or non-interactive protocols, but these will not be the
> primary use case and may ultimately have different requirements or limitations."
>
> Do you think it needs some tweaks?

Not sure, but I can live with the above FWIW - I'm sure if we do something that causes breakage, we'll hear about that;-)

>
>> I would like that we at least consider how what we're doing
>> would work-for/break the use of TLS in email protocols.
>
> Is there a concrete shape of breaking things for email that you are
> concerned about?

Nope. I guess the extent to which clients depend on browser updates might cause some issue for SMTP/TLS as sending MTAs don't have the same update frequency, and maybe IMAP/SUBMIT servers might have a much longer tail of older clients, but I'd imagine there should be ways to get around such things, or else it'd be fine to just have such setups stick with their current PKI setups and/or someone spends time thinking about how PLANTS affects DANE/MTA-STS etc and figures things out.

> It's quite hard to abstractly reason about why email warrants a
> specific mention. Note that the charter does not say the word "Web" in
> it at all (I took some effort to *not* be Web-specific), so calling
> out email seems extra odd.
>
> I also don't think we need to codify every single design question
> ahead of time in the charter. It's to form an IETF working group, not
> some last chance to nudge an opaque process. If one wants to consider
> some application, there is an easy way to do it: go consider it and
> bring thoughts to the WG! :-) if some concrete detail turns out to be
> a problem for some concrete application, we can use the usual IETF
> process to talk about it and decide where we want to go from there.
>
> I expect that'll be much easier for everyone concretely than in the
> abstract. Let's try to get to that concrete stage quickly.

Agreed.

Cheers,
S.