IETF Logo Mail Archive

Re: [Trans] path validation

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 01 October 2014 15:05 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 864DF1ACE79 for <trans@ietfa.amsl.com>; Wed, 1 Oct 2014 08:05:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.686
X-Spam-Level:
X-Spam-Status: No, score=-2.686 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LHNGj_F1wRk2 for <trans@ietfa.amsl.com>; Wed, 1 Oct 2014 08:05:32 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 896EC1ACE6F for <trans@ietf.org>; Wed, 1 Oct 2014 08:05:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7587ABE4D; Wed, 1 Oct 2014 16:05:00 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sBGwHBsgEwWg; Wed, 1 Oct 2014 16:05:00 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4D5E6BE20; Wed, 1 Oct 2014 16:05:00 +0100 (IST)
Message-ID: <542C181C.8040109@cs.tcd.ie>
Date: Wed, 01 Oct 2014 16:05:00 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: Stephen Kent <kent@bbn.com>, trans@ietf.org
References: <54296FB2.1060109@bbn.com> <4262AC0DB9856847A2D00EF817E81139233695@scygexch10.cygnacom.com> <544B0DD62A64C1448B2DA253C011414607D1629838@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <4262AC0DB9856847A2D00EF817E8113923370C@scygexch10.cygnacom.com> <544B0DD62A64C1448B2DA253C011414607D162989C@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <5429C24B.1050002@gmail.com> <542C1008.4060500@bbn.com>
In-Reply-To: <542C1008.4060500@bbn.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/9YWXN1xjOFkyYLiJzAXGa7Vp00A
Subject: Re: [Trans] path validation
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 15:05:38 -0000

Hiya,

On 01/10/14 15:30, Stephen Kent wrote:
> 
> 
> How can we proceed on CT if we don't have a solid definition of the
> problem it purports to address? Certainly detecting mis-issuance
> has to be well-defined.

I think this is the crux of the matter.

Mis-issuance is not a feature but a bug. Attempting to
describe all possible bugs of any sort is futile. If you
argue that a CT RFC has to describe all possible bugs, then
that amounts to arguing to not do CT. But the IETF has
reached consensus to do CT so it seems that others do not
agree with you that "detecting mis-issuance has to be
well-defined" at least if that is meant to call for a
complete enumeration of all the ways in which mis-issuance
might occur. (And I don't get what else you might have
meant, but please correct me if I'm misreading what
you've written.)

Having some examples of mis-issuance described is quite
reasonable. Asking that all forms of mis-issuance be
documented is not reasonable.

Now as to CABF, while its very reasonable to think about
their requirements, I don't think it'd be a good plan
to hard-code a dependency on a version of those into a CT
RFC. Their baseline reqs doc has changed 3 times this year
already for example and 5 times in 2013 and I suspect will
continue to evolve significantly.

But if you see a stable useful and quotable definition of
mis-issuance in one of their documents, then sending a
pointer to that text would be good. I don't know if there
is such a piece of text though.

Cheers,
S.

PS: I'm not sure CABF would describe themselves as an SDO
either, but that's a mere matter of terminology.

v2.23.0 | Report a Bug | By Email