Re: [Trans] overview of remaining(?) DISCUSS items for draft-ietf-trans-rfc6962-bis-33

Rob Stradling <rob@sectigo.com> Tue, 24 September 2019 08:56 UTC

From: Rob Stradling <rob@sectigo.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>, Paul Wouters <paul@nohats.ca>
CC: Alissa Cooper <alissa@cooperw.in>, Trans <trans@ietf.org>
Date: Tue, 24 Sep 2019 08:56:29 +0000
Message-ID: <3fc26bc5-1512-8a2d-03d6-2e7f507c102c@sectigo.com>
References: <alpine.LRH.2.21.1909181506160.11898@bofh.nohats.ca> <b6ec6a38-a4c2-64b4-0584-d13deead2605@sectigo.com> <alpine.LRH.2.21.1909191211080.29314@bofh.nohats.ca> <4632c221-c207-72c4-83c3-ecc8dcbf2ba7@sectigo.com> <alpine.LRH.2.21.1909231733480.23118@bofh.nohats.ca> <CAErg=HFG7xqKn9f5hnqnoskAN_jYhKEwVa12-sJ-rzGNfTUYjQ@mail.gmail.com>
In-Reply-To: <CAErg=HFG7xqKn9f5hnqnoskAN_jYhKEwVa12-sJ-rzGNfTUYjQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/2k7vjvTHIAu_g_17ibvLWMOD-W4>
Subject: Re: [Trans] overview of remaining(?) DISCUSS items for draft-ietf-trans-rfc6962-bis-33
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

On 24/09/2019 03:05, Ryan Sleevi wrote:
> On Mon, Sep 23, 2019 at 11:36 PM Paul Wouters wrote:
>      > Hi Paul.  This was my thought process...
>      >
>      > A mechanism for a log to change its base url might be "nice to have",
>      > but it would add complexity.  Adding complexity should be avoided unless
>      > it's "really necessary".  "nice to have" is not "really necessary", and
>      > besides, there is already a mechanism for achieving the same goal:
>      > retire the current log and spin up a new log.
>      >
>      > The ecosystem needs to be agile enough to support regular log retirement
>      > and regular spinning up of new logs, so let's not (over)engineer an
>      > alternative mechanism that assumes the ecosystem lacks that agility.
> 
>     While I agree with you, I am just a WG chair. So we need to hear a few
>     more opinions of people and then if there is a consensus, we can go
>     ahead and make this change.

Paul, I'm not sure what you mean by "this change".

If there's consensus to not add a mechanism (that would allow logs to 
modify their base URLs) to 6962-bis, then...6962-bis already doesn't 
have such a mechanism.

Are you perhaps suggesting that "this change" would be to add a sentence 
to the end of section 10.6.1 along these lines:
"IANA is asked to reject all requests to modify or remove entries from 
the Log ID Registry"
?

> Sorry about that, Paul. I’m so used to the CA/Browser Forum and related, 
> where it’s more pressing to chime in on the bad ideas early, rather than 
> the good ideas like this one.
> 
> To be clear: I agree with Rob that the flexibility to make that change 
> seems better addressed through agility of the client. I realize this is 
> somewhat divergent from how 6962 was initially promoted (“just a few 
> logs and never need to change them”), but the operational experience 
> there has emphasized the importance of client agility.
> 
> Similar to the Base URL discussion by Andrew Ayer, the less flexibility 
> we attempt to accommodate log operators with, the greater predictability 
> and verifiability we offer clients. Thus, avoiding “nice to haves” that 
> introduce unpredictable flexibility is... nice to have. So that’s why 
> Rob’s response sounds right to me, and the best answer is to rely on client 
> agility for exceptional situations.

Ryan, thanks for chiming in here.

-- 
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited