I think doing this would reset the WGLC clock; neither seems like a minor change. We can discuss in Chicago, I hope we can make time, but the WG would definitely have to have consensus on the mailing list.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: [email protected] Twitter: RichSalz

> -----Original Message-----
> From: Roland Shoemaker [mailto:[email protected]]
> Sent: Wednesday, March 22, 2017 5:08 PM
> To: [email protected]; Salz, Rich; Ted Hardie
> Subject: Possible IETF meeting agenda item: reducing effects of key-compromise
>
> Internally at LE we have been having discussions around how the spec can
> most effectively reduce the harm of account key compromise and it seems
> like it could be a good topic to bring up at the upcoming IETF meeting.
>
> We've come up with two distinct but not mutually exclusive ideas on this
> topic:
>
> * Deactivating authorizations on key roll-over, summarized here:
>   https://www.ietf.org/mail-archive/web/acme/current/msg01747.html
> * Only allowing a single valid authorization per name to exist at the same
>   time, summarized here:
>   https://www.ietf.org/mail-archive/web/acme/current/msg01661.html
>
> Both of these proposals would be relatively large changes to the current
> follow and introduce certain issues for both individual users and large
> service integrators and could definitely use some public discussion before
> the spec is finalized.
>
> It would also be good to hear if there are any other thoughts from other
> implementors/contributors as to how we can best reduce the damage done
> by key compromise in general.
>
> --
> Roland Bracewell Shoemaker
> Software Engineer
> Linux Foundation / Internet Security Research Group
