IETF Logo Mail Archive

Re: [Trans] overview of remaining(?) DISCUSS items for draft-ietf-trans-rfc6962-bis-33

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 24 September 2019 02:05 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5A991200E7 for <trans@ietfa.amsl.com>; Mon, 23 Sep 2019 19:05:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.026, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PesOqIgIF53n for <trans@ietfa.amsl.com>; Mon, 23 Sep 2019 19:05:53 -0700 (PDT)
Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B50E1120086 for <trans@ietf.org>; Mon, 23 Sep 2019 19:05:52 -0700 (PDT)
Received: by mail-ed1-f51.google.com with SMTP id a15so284722edt.6 for <trans@ietf.org>; Mon, 23 Sep 2019 19:05:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JPz++QStRzjT1z8SnZtjTAgHX7WLkf3fAsevm+VQBYU=; b=Hek2pfQpm8dG0xTZHGGhZ39WfEy89+1T0cxRN5WHK1gRhTqzz2iAbVos49PSPpstQE xxBvW8dsP2liikj/GpfGS3Z4BECTJGnFc/O8AKGXgZ5qCVjTuKq15GiSBBhGkbqyrjoF gtcgwkCthvogjGyjoXXqdVk535hnIolYy6jJwE8FyfVmk63USSrlRJ5OjoK/OO/3LIfx bKhaf2AFFYr4oJ798cD4Y44woFQJiJNacgzFe1YbgvmiL+9fLcUF7bmxo0hsBw1wpfob sVlDHXocdvZPl+ldwQJkEDZy4kxALOXmSN/KpJOCs/l52pDSzOb0xbgG3EftGzvWdzYu e7sA==
X-Gm-Message-State: APjAAAWjifu9dLrSyYacageSVSOW+gzEvl59ptJ/eyKl5B+ZFExGX7Jv PybjMQeSvoPXbgfNMbxPWPt4N/2qjTU=
X-Google-Smtp-Source: APXvYqwdMgn2BIdQFrEd0Qe+zqXDb+oryb8rJiYFm21IKOSIv01Uch9cDldfx8soUBbE3u9kx8oSsA==
X-Received: by 2002:a17:906:fc02:: with SMTP id ov2mr404199ejb.273.1569290750940; Mon, 23 Sep 2019 19:05:50 -0700 (PDT)
Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com. [209.85.221.47]) by smtp.gmail.com with ESMTPSA id q26sm40227eji.65.2019.09.23.19.05.50 for <trans@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 23 Sep 2019 19:05:50 -0700 (PDT)
Received: by mail-wr1-f47.google.com with SMTP id l11so71222wrx.5 for <trans@ietf.org>; Mon, 23 Sep 2019 19:05:50 -0700 (PDT)
X-Received: by 2002:adf:bb0a:: with SMTP id r10mr248641wrg.13.1569290750121; Mon, 23 Sep 2019 19:05:50 -0700 (PDT)
MIME-Version: 1.0
References: <alpine.LRH.2.21.1909181506160.11898@bofh.nohats.ca> <b6ec6a38-a4c2-64b4-0584-d13deead2605@sectigo.com> <alpine.LRH.2.21.1909191211080.29314@bofh.nohats.ca> <4632c221-c207-72c4-83c3-ecc8dcbf2ba7@sectigo.com> <alpine.LRH.2.21.1909231733480.23118@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1909231733480.23118@bofh.nohats.ca>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 24 Sep 2019 04:05:39 +0200
X-Gmail-Original-Message-ID: <CAErg=HFG7xqKn9f5hnqnoskAN_jYhKEwVa12-sJ-rzGNfTUYjQ@mail.gmail.com>
Message-ID: <CAErg=HFG7xqKn9f5hnqnoskAN_jYhKEwVa12-sJ-rzGNfTUYjQ@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Alissa Cooper <alissa@cooperw.in>, Rob Stradling <rob@sectigo.com>, Trans <trans@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b5ddb6059342f92e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/9yKTurCvZuhE4RSSWwh8klkVTXU>
Subject: Re: [Trans] overview of remaining(?) DISCUSS items for draft-ietf-trans-rfc6962-bis-33
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2019 02:05:55 -0000

On Mon, Sep 23, 2019 at 11:36 PM Paul Wouters <paul@nohats.ca> wrote:

>
> >
> > Hi Paul.  This was my thought process...
> >
> > A mechanism for a log to change its base url might be "nice to have",
> > but it would add complexity.  Adding complexity should be avoided unless
> > it's "really necessary".  "nice to have" is not "really necessary", and
> > besides, there is already a mechanism for achieving the same goal:
> > retire the current log and spin up a new log.
> >
> > The ecosystem needs to be agile enough to support regular log retirement
> > and regular spinning up of new logs, so let's not (over)engineer an
> > alternative mechanism that assumes the ecosystem lacks that agility.
>
> While I agree with you, I am just a WG chair. So we need to hear a few
> more opinions of people and then if there is a consensus, we can go ahead
> and make this change.


Sorry about that, Paul. I’m so used to the CA/Browser Forum and related,
where it’s more pressing to chime in on the bad ideas early, rather than
the good ideas like this one.

To be clear: I agree with Rob that the flexibility to make that change
seems better addressed through agility of the client. I realize this is
somewhat divergent from how 6962 was initially promoted (“just a few logs
and never need to change them”), but the operational experience there has
emphasized the importance of client agility.

Similar to the Base URL discussion by Andrew Ayer, the less flexibility we
attempt to accommodate log operators with, the greater predictability and
verifiability we offer clients. Thus, avoiding “nice to haves” that
introduce unpredictable flexibility is... nice to have. So that’s why Rob’s
response sounds right to me, and the best answer is rely on client agility
for exceptional situations.

>

v2.23.0 | Report a Bug | By Email