Re: [wpkops] draft-housley-web-pki-problems-00

Phillip Hallam-Baker <ietf@hallambaker.com> Tue, 07 July 2015 15:11 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA7B71ACD74 for <wpkops@ietfa.amsl.com>; Tue, 7 Jul 2015 08:11:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmg2DeEWn6aH for <wpkops@ietfa.amsl.com>; Tue, 7 Jul 2015 08:11:13 -0700 (PDT)
Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14CA31A8899 for <wpkops@ietf.org>; Tue, 7 Jul 2015 08:11:13 -0700 (PDT)
Received: by lagx9 with SMTP id x9so199546834lag.1 for <wpkops@ietf.org>; Tue, 07 Jul 2015 08:11:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=NAQJPp5IFZN/LRe213o509BW8vVoTiSGxwQSDaod2Zo=; b=eASGNdC5ebtQL0+NQ91BdS+V66kVZZtkMoffOq/Sea/FQ4IAmk+ZyTYN1UOfBG6ywC f2GWw9llYzByvErGERSqJQNxJ/2IhpXKASkAQLCVpDKUA5Fqt6/lI4s81srr1aX4MFbE EUngZVBYyC9zjZBoDGdPlGVmdjMyYAQkqWZ5+n+OHKfKoeb2bedsimq21r5etgOp54hq qdMl9alIICgBOOCU3KnbKlW/vRbDXa6Ci9IbLDXQLqqM7u3RE2gXPWKSPWuQPpBwAk85 KbekFlO2R+BvA1VL/inu9T69/Hmy7xoILT/479EuCdX5ldqREraBPu5YRKD1q5g2tWm5 AB2Q==
MIME-Version: 1.0
X-Received: by 10.112.170.167 with SMTP id an7mr4467031lbc.103.1436281871618; Tue, 07 Jul 2015 08:11:11 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Tue, 7 Jul 2015 08:11:11 -0700 (PDT)
In-Reply-To: <62149DF7-5173-425A-AC84-DB8D97D63B8A@vigilsec.com>
References: <62149DF7-5173-425A-AC84-DB8D97D63B8A@vigilsec.com>
Date: Tue, 7 Jul 2015 11:11:11 -0400
X-Google-Sender-Auth: gYCrBwuYNFwBIWgNWQJDHOYgLzU
Message-ID: <CAMm+Lwg8-g3TkN-8HQjCd0-me6siU9LQ=cjdCH67kwgB38JX2g@mail.gmail.com>
From: Phillip Hallam-Baker <ietf@hallambaker.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary=001a11c368ccc15a1b051a4a6e55
Archived-At: <http://mailarchive.ietf.org/arch/msg/wpkops/IS05zXyxevgLyTSlbFDkIkPrdVs>
Cc: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] draft-housley-web-pki-problems-00
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2015 15:11:15 -0000

Good idea, I forwarded it on some CA lists as well.

One omission I think needs to be called out is that the WebPKI scope is
limited to server authentication. While I don't think that the draft should
consider client auth in detail, it is something that should be pointed out
as a shortcoming.

I think that the main reason we haven't got client auth working on a large
scale is that the administration and usability issues that impact the Web
Server PKI are even more severe for client PKI.

My Mesh project is an attempt to address those issues.