Re: [therightkey] How many documents?

Phillip Hallam-Baker <hallam@gmail.com> Mon, 29 October 2012 18:53 UTC

To: Ben Laurie <benl@google.com>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Rob Stradling <rob.stradling@comodo.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>

I very much doubt we will manage to get a finished spec with anything less
than four documents since I can't remember offhand any case when we have
not. But equally, I can't see a need for a split now. Going through four
documents rather than one is tedious.

In the longer term I see the parts of the spec that describe the notary
formats and structure as being potentially re-usable in other contexts and
that it will make sense to separate those out from the discussion of certs,
PKI and such.


On Mon, Oct 29, 2012 at 2:23 PM, Ben Laurie <benl@google.com> wrote:

> On 29 October 2012 11:58, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> >
> >
> > On 10/29/2012 11:18 AM, Rob Stradling wrote:
> >> On 29/10/12 11:06, Ben Laurie wrote:
> >>> On 29 October 2012 11:00, Rob Stradling <rob.stradling@comodo.com> wrote:
> >> <snip>
> >>>> I don't have a strong opinion about this, but I think it might make
> >>>> sense to split up the CT standardization effort into multiple
> >>>> documents, because different audiences will be interested in
> >>>> different aspects of CT. i.e.
> >>>>    - One document aimed at the people who will implement and/or
> >>>>      operate CT log servers.
> >>>>    - One document aimed at CAs who will implement pre-certs and/or
> >>>>      embed proofs into OCSP Responses.
> >>>>    - One document aimed at browser authors who will write code to
> >>>>      verify proofs.
> >>>>    - One document aimed at webserver authors who will need to
> >>>>      understand the importance of implementing RFC5878 and/or OCSP
> >>>>      Stapling (RFC6066).
> >>>>    - One document aimed at auditors who will need to know how to
> >>>>      verify that a CT log has not been compromised.
> >>>>    - One document aimed at domain owners who will need to know i) how
> >>>>      to discover if any certs have been misissued to their domain
> >>>>      names and ii) what to do about any detected misissuances.
> >>>
> >>> TBH, I disagree - the reason being that almost all of these documents
> >>> will be identical (i.e. describing the cryptographic structure of the
> >>> log) and the only differences will be which parts of the protocol they
> >>> use - some of which will inevitably overlap. Right now the document is
> >>> lacking a few of these areas, but it is by no means unwieldy. I think
> >>> splitting across multiple documents will create a lot of pointless
> >>> duplication and effort.
> >>
> >> OK, scrap that idea then.  :-)
> >
> > Well.... maybe not quite so quickly. I think it's a real issue
> > that a single document might be difficult for all those audiences.
> >
> > Now, I don't think the IETF actually ought to try to address all of
> > those audiences, since RFCs are for the folks writing code, and
> > mostly not for auditors or CA/web site operators, though we do do
> > some of the latter sometimes.
>
> I should point out that in this context an auditor is a technical term
> - an agent that, given some alleged entries from a log, audits that
> the log actually contains those entries, or given an alleged past
> snapshot of the log audits that it is consistent with the current log.
> Clients may well be auditors, too, but technically the roles can be
> separated.
>
> > But I still wonder if 1 or >1 document is right, and as Ben says
> > the current draft is a bit sketchy in some areas that might or
> > might not be better separated out. Perhaps the right answer will
> > turn out to be to look at the draft later when those areas are
> > more developed, but I'm asking now anyway:-)
>
> I am still holding out for a single document :-)
>
> >
> >>>> Given the imminent closure of the PKIX WG, I'm tempted to also
> >>>> suggest...
> >>>>    - One document that will define requirements for "Effective
> >>>>      revocation mechanisms".
> >>>
> >>> Not against that at all, but it sounds like a different WG to me.
> >>
> >> Maybe so.
> >
> > Right, or a later milestone after a re-charter if we end up
> > with a WG. At this point, I'd guess that anyone wanting revocation
> > considered sooner would need to be yelling (and since they
> > haven't written an I-D, they'd need to be quite convincing as to
> > why yelling with no I-D is appropriate).
> >
> > S.
> >



-- 
Website: http://hallambaker.com/