Re: [therightkey] How many documents?
Ben Laurie <benl@google.com> Mon, 29 October 2012 18:23 UTC
Return-Path: <benl@google.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EED6721F8702 for <therightkey@ietfa.amsl.com>; Mon, 29 Oct 2012 11:23:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.374
X-Spam-Level:
X-Spam-Status: No, score=-102.374 tagged_above=-999 required=5 tests=[AWL=0.603, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2U5H30B309nF for <therightkey@ietfa.amsl.com>; Mon, 29 Oct 2012 11:23:40 -0700 (PDT)
Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) by ietfa.amsl.com (Postfix) with ESMTP id D012C21F86EA for <therightkey@ietf.org>; Mon, 29 Oct 2012 11:23:39 -0700 (PDT)
Received: by mail-wi0-f178.google.com with SMTP id hr7so2038304wib.13 for <therightkey@ietf.org>; Mon, 29 Oct 2012 11:23:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record; bh=XFSerc+uI/In+9xGqt7ytnTAxmTnYWMe0Xp0DS/BWbw=; b=eyqqTg1oFXyNuSL8+7ay4sjIqy2dMRK/nB1qDnFDlKPTE0RIvdtqjwCT2EhO1scXLt JVA6dvOh933JR8rSMWFXlSQjWc9M7hc106dbnTppSHRLJFav6ynzCCkQuqPPHBecZeaP 5QL5qoe+kDZhB2KTydI7GNGyXAv1ezk8QGVbAyeLdymhOxqzKG0rGxxQ5PmoaZ8uhHW+ RiRdlGTZ6W/HyW+chJNt4/3Ozfxfcd1EFcX7TkGmFQ6UT4CrfYW0tLdLH3InZEqTcQvd yGJ2y6JJRKlGNevm36jnIrZkFLEuqA+sZ1ol3fFoJysmI6LQLyuI5SoxkOlQRCBBEQnr B0tQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=XFSerc+uI/In+9xGqt7ytnTAxmTnYWMe0Xp0DS/BWbw=; b=Ad/uvm0AMObQSjhRYPUJnna+XeVSVmOx3wUWTtx1p8SkfKIHasStY8rfwVmlPtG7oo KWTmgSn5D1Sda1dsqDh8nIJnR45gHatKZv3DOQGygCA/vQ6fao2leP+gd2tghhmqHVue pMo4nUnK9iADSL485Yw2I2LEb3sdnPMQJvEI9QBLlaP4W9uJNY8GP60r0rqo3koQsteO cNDYVecjr8JIe72wsLWkNf7fIUIrm36eaKJcwiU40/vO+B8qjt4CgrY87xGfAFVmIuxQ E0HOXoniAvoH8B6eKh66GSt5sb0QRTzb0kLEdwGq4eWUZ1DMFrqa49Fq1f+PPItctZCI 7yJQ==
MIME-Version: 1.0
Received: by 10.181.11.167 with SMTP id ej7mr16566866wid.11.1351535018902; Mon, 29 Oct 2012 11:23:38 -0700 (PDT)
Received: by 10.194.76.170 with HTTP; Mon, 29 Oct 2012 11:23:38 -0700 (PDT)
In-Reply-To: <508E6F4A.20809@cs.tcd.ie>
References: <508AB760.7050803@cs.tcd.ie> <508E61C9.2060001@comodo.com> <CABrd9SQyPkbBF28tetzVRD6sy4E6aMd7AJPXajntEmRadfKb5g@mail.gmail.com> <508E65E8.1010906@comodo.com> <508E6F4A.20809@cs.tcd.ie>
Date: Mon, 29 Oct 2012 18:23:38 +0000
Message-ID: <CABrd9SSko2SdwPFCxJ2jsBWy8i4ny1AJ4EEHD59m9nvqG1oxTQ@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="ISO-8859-1"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQm9BNg9uF/Kub3+qDF8Rs2nnFbiMIBYKrToQcweeOQ3Ev4hME1TU/P4c3whR7CwFcC5RlL333GwqCxgX07YAHT8jEA7qwzkFVgRv7p6XgMq1ukv6ia3OGhgpqiQ+Z6TRWYcbTGtz8+RdQIXeL8oke5mHDM84LiFyf15S6obRlSA27djNZNIAJJJ4AJN49uDBZ5DGjsC
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Rob Stradling <rob.stradling@comodo.com>
Subject: Re: [therightkey] How many documents?
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2012 18:23:41 -0000
On 29 October 2012 11:58, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 10/29/2012 11:18 AM, Rob Stradling wrote: >> On 29/10/12 11:06, Ben Laurie wrote: >>> On 29 October 2012 11:00, Rob Stradling <rob.stradling@comodo.com> wrote: >> <snip> >>>> I don't have a strong opinion about this, but I think it might make >>>> sense to >>>> split up the CT standardization effort into multiple documents, because >>>> different audiences will be interested in different aspects of CT. i.e. >>>> - One document aimed at the people who will implement and/or >>>> operate CT >>>> log servers. >>>> - One document aimed at CAs who will implement pre-certs and/or embed >>>> proofs into OCSP Responses. >>>> - One document aimed at browser authors who will write code to verify >>>> proofs. >>>> - One document aimed at webserver authors who will need to >>>> understand the >>>> importance of implementing RFC5878 and/or OCSP Stapling (RFC6066). >>>> - One document aimed at auditors who will need to know how to >>>> verify that >>>> a CT log has not been compromised. >>>> - One document aimed at domain owners who will need to know i) how to >>>> discover if any certs have been misissued to their domain names and >>>> ii) what >>>> to do about any detected misissuances. >>> >>> TBH, I disagree - the reason being that almost all of these documents >>> will be identical (i.e. describing the cryptographic structure of the >>> log) and the only differences will be which parts of the protocol they >>> use - some of which will inevitably overlap. Right now the document is >>> lacking a few of these areas, but it is by no means unwieldy. I think >>> splitting across multiple documents will create a lot of pointless >>> duplication and effort. >> >> OK, scrap that idea then. :-) > > Well.... maybe not quite so quickly. I think its a real issue > that a single document might be difficult for all those audiences. > > Now, I don't think the IETF actually ought try address all of > those audiences, since RFCs are for the folks writing code, and > mostly not for auditors or CA/web site operators, though we do do > some of the latter sometimes. I should point out that in this context an auditor is a technical term - an agent that, given some alleged entries from a log, audits that the log actually contains those entries, or given an alleged past snapshot of the log audits that it is consistent with the current log. Clients may well be auditors, too, but technically the roles can be separated. > But I still wonder if 1 or >1 document is right, and as Ben says > the current draft is a bit sketchy in some areas that might or > might not be better separated out. Perhaps the right answer will > turn out to be to look at the draft later when those areas are > more developed, but I'm asking now anyway:-) I am still holding out for a single document :-) > >>>> Given the imminent closure of the PKIX WG, I'm tempted to also >>>> suggest... >>>> - One document that will define requirements for "Effective >>>> revocation >>>> mechanisms". >>> >>> Not against that at all, but it sounds like a different WG to me. >> >> Maybe so. > > Right, or a later milestone after a re-charter if we end up > with a WG. At this point, I'd guess that anyone wanting revocation > considered sooner would need to be yelling (and since they > haven't written an I-D, they'd need to be quite convincing as to > why yelling with no I-D is appropriate). > > S. >
- [therightkey] How many documents? Stephen Farrell
- Re: [therightkey] How many documents? Stephen Farrell
- Re: [therightkey] How many documents? Ben Laurie
- Re: [therightkey] How many documents? Rob Stradling
- Re: [therightkey] How many documents? Ben Laurie
- Re: [therightkey] How many documents? Rob Stradling
- Re: [therightkey] How many documents? Phillip Hallam-Baker
- [therightkey] Non-WG forming BoF Paul Hoffman
- Re: [therightkey] Non-WG forming BoF Stephen Farrell
- Re: [therightkey] How many documents? Paul Hoffman
- Re: [therightkey] How many documents? Ben Laurie
- Re: [therightkey] How many documents? Paul Hoffman