Re: [wpkops] draft-housley-web-pki-problems-00

joel jaeggli <joelja@bogus.com> Tue, 07 July 2015 21:53 UTC

Return-Path: <joelja@bogus.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8531E1AD368 for <wpkops@ietfa.amsl.com>; Tue, 7 Jul 2015 14:53:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GeA6-Z50W9eu for <wpkops@ietfa.amsl.com>; Tue, 7 Jul 2015 14:53:54 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A2911AD35F for <wpkops@ietf.org>; Tue, 7 Jul 2015 14:53:54 -0700 (PDT)
Received: from mb-aye.local (c-50-186-11-175.hsd1.or.comcast.net [50.186.11.175]) (authenticated bits=0) by nagasaki.bogus.com (8.14.9/8.14.9) with ESMTP id t67LrnvY021064 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 7 Jul 2015 21:53:49 GMT (envelope-from joelja@bogus.com)
To: Jeremy Rowley <jeremy.rowley@digicert.com>, Russ Housley <housley@vigilsec.com>, "wpkops@ietf.org" <wpkops@ietf.org>
References: <28D7CC3C-E21C-4D01-8F13-F2D661D82D71@vigilsec.com> <8d66da4eb5d24bb89f8d6b934640ea61@EX2.corp.digicert.com>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <559C4A67.90700@bogus.com>
Date: Tue, 7 Jul 2015 14:53:43 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0
MIME-Version: 1.0
In-Reply-To: <8d66da4eb5d24bb89f8d6b934640ea61@EX2.corp.digicert.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="QgvLQNtgIQdeaMUkWRiEWGAAdm1QFLMGr"
Archived-At: <http://mailarchive.ietf.org/arch/msg/wpkops/NITxwXDsIZYGvSHsWw89iRkiWg0>
Subject: Re: [wpkops] draft-housley-web-pki-problems-00
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2015 21:53:55 -0000

On 7/7/15 12:36 PM, Jeremy Rowley wrote:
> This paper sounds like a wish list of select issues taken from the
> Mozilla forums.  I don't see why it would be published as
> informational RFC? Is the goal to make a list of issues that
> community members feel need to be discussed? I don't get it.

In general, I'd look at a 00 draft published against the deadline for a
particular meeting as the opening salvo in a conversation someone wants
to have, in this case somewhere at ietf 93.

I have this somewhere in my queue along with some fraction of the other
thousand or so drafts submitted against the monday cutoff.

> The conclusions seem to be 1) Have a CAB Forum that is more
> transparent (which is out of scope of the IEFT - I'm not sure I've
> ever seen an IETF paper specifically call out to another industry
> body requesting a change in its membership?) and 2) Use Let's Encrypt
> - one specific member of the CA community.  Many CAs already offer
> free tools to automate issuance, making the call out to Let's Encrypt
> very odd in an IETF document, especially where the touted feature -
> new automated tools - already exist
> (https://www.digicert.com/express-install/).  I have a similar
> complaint about the reference to acme where PHB has been proposing
> something similar for a LONG time
> (https://tools.ietf.org/html/draft-hallambaker-omnibroker-06).
> 
> I'm also not sure why you selected the specific issues for inclusion
> in the paper. For example, the paper doesn't mention inconsistencies
> in validation levels, which (imo) is a bigger issue than the "too big
> to fail" scenario. Cost also is a weird issue to include in the
> document since it's always relative.  It's also very difficult to
> discuss without running afoul of anti-trust laws.
> 
> Jeremy
> 
> -----Original Message----- From: wpkops
> [mailto:wpkops-bounces@ietf.org] On Behalf Of Russ Housley Sent:
> Tuesday, July 7, 2015 8:57 AM To: wpkops@ietf.org Subject: [wpkops]
> draft-housley-web-pki-problems-00
> 
> I want to make people on this list aware of this draft that was
> posted yesterday.
> 
> Stephen Farrell suggested that this list might be a good place to
> discuss it.
> 
> Russ
> 
> _______________________________________________ wpkops mailing list 
> wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
> 
> _______________________________________________ wpkops mailing list 
> wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
>