Re: [wpkops] Browser behaviour draft
Ben Wilson <Ben.Wilson@digicert.com> Thu, 24 July 2014 15:44 UTC
Return-Path: <Ben.Wilson@digicert.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED83B1A0387 for <wpkops@ietfa.amsl.com>; Thu, 24 Jul 2014 08:44:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.203
X-Spam-Level:
X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iGImQHfWfzFk for <wpkops@ietfa.amsl.com>; Thu, 24 Jul 2014 08:44:45 -0700 (PDT)
Received: from mail.digicert.com (mail.digicert.com [64.78.193.232]) by ietfa.amsl.com (Postfix) with ESMTP id 7C2961A0266 for <wpkops@ietf.org>; Thu, 24 Jul 2014 08:44:45 -0700 (PDT)
From: Ben Wilson <Ben.Wilson@digicert.com>
To: Tim Moses <tim.moses@entrust.com>, Gervase Markham <gerv@mozilla.org>, "wpkops@ietf.org" <wpkops@ietf.org>
Thread-Topic: [wpkops] Browser behaviour draft
Thread-Index: Ac+ms94oJr0mgv4pQF68oJysomSRsgAnvUSAAAcMiIAABnZboAAMsceA
Date: Thu, 24 Jul 2014 15:44:44 +0000
Message-ID: <d7447e1a965243b9b89d771a50a74cf5@EX1.corp.digicert.com>
References: <0986C055-3FA5-4EF9-8E3C-B8B9684FBAAE@entrust.com> <53D0CFE7.6070102@mozilla.org> <5B68A271B9C97046963CB6A5B8D6F62CFCC99677@SOTTEXCH11.corp.ad.entrust.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [67.137.52.8]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/hs3OPJhgWuHfL5RXkhAJv_ZAWjw
Subject: Re: [wpkops] Browser behaviour draft
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2014 15:44:52 -0000
We could add a clear statement in the document that says, "this document describes the state of the Web PKI circa 2013" or something like that. -----Original Message----- From: wpkops [mailto:wpkops-bounces@ietf.org] On Behalf Of Tim Moses Sent: Thursday, July 24, 2014 6:42 AM To: Gervase Markham; wpkops@ietf.org Subject: Re: [wpkops] Browser behaviour draft Hi Gerv. It has to be "opportunity"; we all know that users don't possess the capability to manage security on their end systems. Ooh! I should put a smiley face after that. ;-) We made a decision to record the state of Web PKI at a point in time. (That being the end of 2013.) The state is continuously evolving, and it would be a poor use of our time if we were to attempt to track it. However, if completion is delayed much beyond the projected completion date, we may have to revisit that decision. Thanks for your helpful input. All the best. Tim. -----Original Message----- From: Gervase Markham [mailto:gerv@mozilla.org] Sent: Thursday, July 24, 2014 5:21 AM To: Tim Moses; wpkops@ietf.org Subject: Re: [wpkops] Browser behaviour draft Hi Tim, On 23/07/14 21:22, Tim Moses wrote: > Colleagues - I would like to advance the Browser Behaviour draft ... > > http://datatracker.ietf.org/doc/draft-wilson-wpkops-browser-processing > / > > ... to WG draft. This document (helpfully) states: "This document reviews some of the certificate-processing features of the following cryptolibraries: Network Security Services (NSS), in two code sets, Classic (NSS-Classic) and PKIX (NSS-PKIX); ..." However, as of two days ago, with the release of Firefox 31, Firefox switched to using mozilla::pkix for certificate verification: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ https://www.mozilla.org/en-US/firefox/31.0/releasenotes/ You will need to decide whether to hold the document while you update it to take account of any changes. I can tell you that mozilla::pkix also does not do AIA chasing. "and most end users can manually add or remove root certificates" Is that a statement about opportunity or capability? :-) Perhaps better as: "most user agents give end users the opportunity to add or remove root certificates". Gerv _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops
- [wpkops] Browser behaviour draft Tim Moses
- Re: [wpkops] Browser behaviour draft Gervase Markham
- Re: [wpkops] Browser behaviour draft Tim Moses
- Re: [wpkops] Browser behaviour draft Ben Wilson
- Re: [wpkops] Browser behaviour draft Tim Moses