On Thu, Apr 23, 2015 at 9:37 AM, Phillip Hallam-Baker <[email protected]> wrote:
> On Thu, Apr 23, 2015 at 9:16 AM, Richard Barnes <[email protected]> wrote:
> >
> >
> > On Wed, Apr 22, 2015 at 9:51 PM, Phillip Hallam-Baker
> > <[email protected]> wrote:
> >>
> >> I think this discussion is getting way too deep into the weeds of
> >> policy. That isn't a concern IETF has generally taken a definitive
> >> stand on. If it had there would not have been the need to set up
> >> CABForum outside IETF.
> >>
> >> As I see it the specification should allow:
> >>
> >> * A mechanism for the client to indicate the proof(s) of DNS control
> >> it can provide.
> >>
> >> * A mechanism for the service to indicate the proof(s) of DNS control
> >> it will accept.
> >
> >
> > I thought that's what this thread was about :)
>
> No, people were discussing the stuff that I said should be left to
> CABForum.
>
> An IETF working group is temporary. They are not meant to be permanent
> institutions.
>
> Why beat ourselves up here deciding an issue that we can't decide here?
>

We can design mechanisms here that we believe have a sufficient level of security. CABF and the individual CAs are free to opine on whether those mechanisms are suitable for a given context.

In other words, it is my earnest hope that the validation methods listed in Section 11.1.1 of the BRs [1] will not be designed by the CABF, but selected from a list that IETF defines. CABF is not an engineering organization, after all.

--Richard

[1] https://cabforum.org/wp-content/uploads/BRv1.2.5.pdf
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
