Re: [wpkops] draft-housley-web-pki-problems-00

Karen O'Donoghue <odonoghue@isoc.org> Tue, 07 July 2015 22:41 UTC

From: Karen O'Donoghue <odonoghue@isoc.org>
To: Joel Jaeggli <joelja@bogus.com>
Thread-Topic: [wpkops] draft-housley-web-pki-problems-00
Date: Tue, 07 Jul 2015 22:41:09 +0000
Message-ID: <3BECB6DA-3E91-407B-97F7-F822EFC08A5D@isoc.org>
References: <28D7CC3C-E21C-4D01-8F13-F2D661D82D71@vigilsec.com> <8d66da4eb5d24bb89f8d6b934640ea61@EX2.corp.digicert.com> <559C4A67.90700@bogus.com>
In-Reply-To: <559C4A67.90700@bogus.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/wpkops/ZD70kBtGkceRnZYDwI4hRBgarQk>
Cc: "wpkops@ietf.org" <wpkops@ietf.org>, Russ Housley <housley@vigilsec.com>, Jeremy Rowley <jeremy.rowley@digicert.com>
Subject: Re: [wpkops] draft-housley-web-pki-problems-00

(speaking for myself and not Russ… )

Joel is correct that this was an initial draft to start a conversation. The point was to collect some of the technical and non-technical issues associated with deployment and use of PKI. This might then be used to scope a conversation about possible things that could improve the situation and venues for the development of those interventions. This is the first step and any comments or additions are welcome. 

(apologies to Joel and others about the “at the deadline” submission).

> On Jul 7, 2015, at 5:53 PM, joel jaeggli <joelja@bogus.com> wrote:
> 
> On 7/7/15 12:36 PM, Jeremy Rowley wrote:
>> This paper sounds like a wish list of select issues taken from the
>> Mozilla forums.  I don't see why it would be published as
>> informational RFC? Is the goal to make a list of issues that
>> community members feel need to be discussed? I don't get it.
> 
> In general, I'd look at a 00 draft published against the deadline for a
> particular meeting as the opening salvo in a conversation someone wants
> to have, in this case somewhere at ietf 93.
> 
> I have this somewhere in my queue along with some fraction of the other
> thousand or so drafts submitted against the monday cutoff.
> 
>> The conclusions seem to be 1) Have a CAB Forum that is more
>> transparent (which is out of scope of the IETF - I'm not sure I've
>> ever seen an IETF paper specifically call out to another industry
>> body requesting a change in its membership?) and 2) Use Let's Encrypt
>> - one specific member of the CA community.  Many CAs already offer
>> free tools to automate issuance, making the call out to Let's Encrypt
>> very odd in an IETF document, especially where the touted feature -
>> new automated tools - already exist
>> (https://www.digicert.com/express-install/).  I have a similar
>> complaint about the reference to acme where PHB has been proposing
>> something similar for a LONG time
>> (https://tools.ietf.org/html/draft-hallambaker-omnibroker-06).
>> 
>> I'm also not sure why you selected the specific issues for inclusion
>> in the paper. For example, the paper doesn't mention inconsistencies
>> in validation levels, which (imo) is a bigger issue than the "too big
>> to fail" scenario. Cost also is a weird issue to include in the
>> document since it's always relative.  It's also very difficult to
>> discuss without running afoul of anti-trust laws.
>> 
>> Jeremy
>> 
>> -----Original Message-----
>> From: wpkops [mailto:wpkops-bounces@ietf.org] On Behalf Of Russ Housley
>> Sent: Tuesday, July 7, 2015 8:57 AM
>> To: wpkops@ietf.org
>> Subject: [wpkops] draft-housley-web-pki-problems-00
>> 
>> I want to make people on this list aware of this draft that was
>> posted yesterday.
>> 
>> Stephen Farrell suggested that this list might be a good place to
>> discuss it.
>> 
>> Russ
>> 
>> _______________________________________________ wpkops mailing list 
>> wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops