Re: [wpkops] Browser behaviour draft
Tim Moses <tim.moses@entrust.com> Thu, 24 July 2014 12:42 UTC
Return-Path: <tim.moses@entrust.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC2A81A0251 for <wpkops@ietfa.amsl.com>; Thu, 24 Jul 2014 05:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PB2MylqBlNDt for <wpkops@ietfa.amsl.com>; Thu, 24 Jul 2014 05:42:32 -0700 (PDT)
Received: from ipedge2.entrust.com (ipedge2.entrust.com [216.191.252.25]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F02341A024C for <wpkops@ietf.org>; Thu, 24 Jul 2014 05:42:31 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.01,724,1400040000"; d="scan'208";a="1571743"
Received: from unknown (HELO sottexchcas.corp.ad.entrust.com) ([10.4.51.93]) by ipedge2.entrust.com with ESMTP/TLS/AES128-SHA; 24 Jul 2014 08:42:30 -0400
Received: from SOTTEXCH11.corp.ad.entrust.com ([fe80::303b:8584:c6f4:be18]) by sottexchcas1.corp.ad.entrust.com ([::1]) with mapi id 14.03.0195.001; Thu, 24 Jul 2014 08:42:31 -0400
From: Tim Moses <tim.moses@entrust.com>
To: Gervase Markham <gerv@mozilla.org>, "wpkops@ietf.org" <wpkops@ietf.org>
Thread-Topic: [wpkops] Browser behaviour draft
Thread-Index: Ac+ms94oJr0mgv4pQF68oJysomSRsgAjjGKAAAGHQDA=
Date: Thu, 24 Jul 2014 12:42:29 +0000
Message-ID: <5B68A271B9C97046963CB6A5B8D6F62CFCC99677@SOTTEXCH11.corp.ad.entrust.com>
References: <0986C055-3FA5-4EF9-8E3C-B8B9684FBAAE@entrust.com> <53D0CFE7.6070102@mozilla.org>
In-Reply-To: <53D0CFE7.6070102@mozilla.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.4.160.44]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/LjNd9R77hnKoLC2ZzgjnV-0IYKM
Subject: Re: [wpkops] Browser behaviour draft
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2014 12:42:34 -0000
Hi Gerv. It has to be "opportunity"; we all know that users don't possess the capability to manage security on their end systems. Ooh! I should put a smiley face after that. ;-) We made a decision to record the state of Web PKI at a point in time. (That being the end of 2013.) The state is continuously evolving, and it would be a poor use of our time if we were to attempt to track it. However, if completion is delayed much beyond the projected completion date, we may have to revisit that decision. Thanks for your helpful input. All the best. Tim. -----Original Message----- From: Gervase Markham [mailto:gerv@mozilla.org] Sent: Thursday, July 24, 2014 5:21 AM To: Tim Moses; wpkops@ietf.org Subject: Re: [wpkops] Browser behaviour draft Hi Tim, On 23/07/14 21:22, Tim Moses wrote: > Colleagues - I would like to advance the Browser Behaviour draft ... > > http://datatracker.ietf.org/doc/draft-wilson-wpkops-browser-processing > / > > ... to WG draft. This document (helpfully) states: "This document reviews some of the certificate-processing features of the following cryptolibraries: Network Security Services (NSS), in two code sets, Classic (NSS-Classic) and PKIX (NSS-PKIX); ..." However, as of two days ago, with the release of Firefox 31, Firefox switched to using mozilla::pkix for certificate verification: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ https://www.mozilla.org/en-US/firefox/31.0/releasenotes/ You will need to decide whether to hold the document while you update it to take account of any changes. I can tell you that mozilla::pkix also does not do AIA chasing. "and most end users can manually add or remove root certificates" Is that a statement about opportunity or capability? :-) Perhaps better as: "most user agents give end users the opportunity to add or remove root certificates". Gerv
- [wpkops] Browser behaviour draft Tim Moses
- Re: [wpkops] Browser behaviour draft Gervase Markham
- Re: [wpkops] Browser behaviour draft Tim Moses
- Re: [wpkops] Browser behaviour draft Ben Wilson
- Re: [wpkops] Browser behaviour draft Tim Moses