On Wed, Dec 11, 2013 at 1:52 PM, Ben Laurie <[email protected]> wrote: > On 11 December 2013 18:41, Dave Crocker <[email protected]> wrote: > > On 12/11/2013 10:32 AM, Ben Laurie wrote: > >> > >> http://www.ietf.org/mail-archive/web/therightkey/current/msg00680.html > > > > > > > > The text isn't a draft charter. It's a very generic statement of an > idea. > > Formulating that into the detail an actual charter will be helpful. > > > > The text needs to give some explanation of what is being proposed, > beyond a > > highly cryptic label like "Cryptographically verifiable logs". A term > like > > that could mean many things and from the message, I can't tell what is > > meant. > > > > The text needs to explain what sort of usage scenario is expected, with > > enough detail to make the scenario substantive. That permits the reader > to > > get a sense of basic/likely relevance to operational environments. > > Am I allowed to refer to RFC 6962 for background? > > Reiterating what's in there doesn't seem useful.
Well how far do we want the group to be allowed to stray from RFC 6962? One approach would be to divide the problem up into two parts: * An append only log that provides a cryptographic assurance of integrity that is independent of the trustworthiness of the log maintainer from the time of the last checkpoint. * Application of the above to the specific use cases Initial use cases that the WG agreed to deliver might be * PKIX certificate signing certificates * PKIX TLS end entity certificates Use cases that are in scope but without a delivery undertaking might be OpenPGP, S/MIME, etc. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
