IETF Logo Mail Archive

Re: [wpkops] draft-housley-web-pki-problems-00

Ralph Holz <ralph.ietf@gmail.com> Thu, 09 July 2015 01:41 UTC

Return-Path: <ralph.ietf@gmail.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC4021A8977 for <wpkops@ietfa.amsl.com>; Wed, 8 Jul 2015 18:41:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l-OXoxo5c1VO for <wpkops@ietfa.amsl.com>; Wed, 8 Jul 2015 18:40:59 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BB571A01F0 for <wpkops@ietf.org>; Wed, 8 Jul 2015 18:40:59 -0700 (PDT)
Received: by oiyy130 with SMTP id y130so179310333oiy.0 for <wpkops@ietf.org>; Wed, 08 Jul 2015 18:40:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=P5zoeRX3ajNoD0aWcgZtXCMnOJdm9ILfuvDYXCvCVnc=; b=Fy0WiwGBHPKKa1cWRM6HyuwAODJIHYAJlx7asmfDOyWqaqfJWVuAthNd0ti9JJSXtf Ih/eIVqgqN5JBT3pyBN3QA52ot26VASBcVP+r8O8ZNabCTShuoitfXchbnzJ94DeXLcW TsDwruSBWaQ/orGzvwyVPx+5tuh3dOPfXhqteQXWFAS9hb/EjBe0aJ4k1V15QijLq7ED Udl2Jt2D34gcduyjjkfLxbTtbIV9Cj0lmHZP7xmXHQnm6j+qeSkgaHJNwpd5R1GIkJ6O lJX61pfOI82haiYIGTCEr+nhC31krsNbpSwEcPywpG8LbC95S9qQaHDTuvYuKTvDv947 Znwg==
MIME-Version: 1.0
X-Received: by 10.182.250.195 with SMTP id ze3mr11972267obc.74.1436406058880; Wed, 08 Jul 2015 18:40:58 -0700 (PDT)
Received: by 10.202.115.1 with HTTP; Wed, 8 Jul 2015 18:40:58 -0700 (PDT)
In-Reply-To: <8d66da4eb5d24bb89f8d6b934640ea61@EX2.corp.digicert.com>
References: <28D7CC3C-E21C-4D01-8F13-F2D661D82D71@vigilsec.com> <8d66da4eb5d24bb89f8d6b934640ea61@EX2.corp.digicert.com>
Date: Thu, 09 Jul 2015 11:40:58 +1000
Message-ID: <CA+K9O5QgGKtNxGLkOKwPsgL9CJBA-N+6v3wPWw+f_qQYcsJW-w@mail.gmail.com>
From: Ralph Holz <ralph.ietf@gmail.com>
To: Jeremy Rowley <jeremy.rowley@digicert.com>
Content-Type: multipart/alternative; boundary="089e01634d7ee49798051a67582f"
Archived-At: <http://mailarchive.ietf.org/arch/msg/wpkops/8hNZmagMaTb4BbyJR7ZRz4vieaM>
Cc: "wpkops@ietf.org" <wpkops@ietf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [wpkops] draft-housley-web-pki-problems-00
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 01:41:01 -0000

Informational RFCs that detail shortcomings of technology exist - see,
e.g., the work done in the UTA WG (disclaimer: I am an co-author of one
such RFC).

Calling for specific mechanisms or forums is indeed odd. I'd suggest to
rather go for a list of pointers instead.

Ralph

On 8 July 2015 at 05:36, Jeremy Rowley <jeremy.rowley@digicert.com> wrote:

> This paper sounds like a wish list of select issues taken from the Mozilla
> forums.  I don't see why it would be published as informational RFC? Is the
> goal to make a list of issues that community members feel need to be
> discussed? I don't get it.
>
> The conclusions seem to be 1) Have a CAB Forum that is more transparent
> (which is out of scope of the IEFT - I'm not sure I've ever seen an IETF
> paper specifically call out to another industry body requesting a change in
> its membership?) and 2) Use Let's Encrypt - one specific member of the CA
> community.  Many CAs already offer free tools to automate issuance, making
> the call out to Let's Encrypt very odd in an IETF document, especially
> where the touted feature - new automated tools - already exist (
> https://www.digicert.com/express-install/).  I have a similar complaint
> about the reference to acme where PHB has been proposing something similar
> for a LONG time (
> https://tools.ietf.org/html/draft-hallambaker-omnibroker-06).
>
> I'm also not sure why you selected the specific issues for inclusion in
> the paper. For example, the paper doesn't mention inconsistencies in
> validation levels, which (imo) is a bigger issue than the "too big to fail"
> scenario. Cost also is a weird issue to include in the document since it's
> always relative.  It's also very difficult to discuss without running afoul
> of anti-trust laws.
>
> Jeremy
>
> -----Original Message-----
> From: wpkops [mailto:wpkops-bounces@ietf.org] On Behalf Of Russ Housley
> Sent: Tuesday, July 7, 2015 8:57 AM
> To: wpkops@ietf.org
> Subject: [wpkops] draft-housley-web-pki-problems-00
>
> I want to make people on this list aware of this draft that was posted
> yesterday.
>
> Stephen Farrell suggested that this list might be a good place to discuss
> it.
>
> Russ
>
> _______________________________________________
> wpkops mailing list
> wpkops@ietf.org
> https://www.ietf.org/mailman/listinfo/wpkops
>
> _______________________________________________
> wpkops mailing list
> wpkops@ietf.org
> https://www.ietf.org/mailman/listinfo/wpkops
>

v2.23.0 | Report a Bug | By Email