Folks,
Ben Kudak politely noted that my reply to Andrew's comments lost all formatting
when I sent it. I have attached the formatted version that I prepared, as a
PDF, to facilitate review.
Sorry,
Steve
‐‐‐ Original Message ‐‐‐
On May 7, 2018 2:29 PM, Andrew Ayer
On Tue, May 15, 2018 at 10:50 AM, David A. Cooper
wrote:
> I can't speak for Steve, but I can provide an example of a syntax error I
> encountered as a result of "quirks of CA certificate-issuing software."
>
> Many years ago when I was tasked to check whether certificates
I can't speak for Steve, but I can
provide an example of a syntax error I encountered as a result of
"quirks of CA certificate-issuing software."
Many years ago when I was tasked to check whether certificates
being issued by a CA were being issued in
On Mon, May 14, 2018 at 11:26 AM, Stephen Kent wrote:
> Also, note that 6962-bis says: “Logs SHOULD accept certificates and
> precertificates that are fully valid according to RFC 5280 [RFC5280]
> verification rules and are submitted with such a chain.” This text suggests
> that
Andrew,
Thanks for taking the time to review the document and for the nice organization
of your comments.
A. Logs do not check for syntactic misissuance
Sections 4.1.1.1 and 4.2.1.1 give the impression that logs check, or ought to
check, submitted certificates for syntactic
I have been unable to find anywhere in
my comments where I suggested that syntactic mis-issuance should
not be discussed in the document. The "responses" you provided
have nothing to do with my comments.
On 05/09/2018 08:49 AM, Stephen Kent wrote:
Subject:
Re: [Trans] WGLC started for
draft-ietf-trans-threat-analysis
Date:
Mon, 7 May 2018 16:48:44 -0400
From:
David A.
On Wed, 9 May 2018, Stephen Kent wrote:
I believe the current last call was intended to solicit comments only on the
changes made since the -012 version, since prior last calls solicited comments
on the
rest of this I-D months ago.
No. Any WGLC is about the entire document, and everyone is
I have review the current draft of the threat analysis document and believe
that there are a number of issues that should be addressed before this document
is approved. Below ar ethe comments that I have on the draft:
I believe the current last call was intended to solicit comments only on the
I think it's fine for browsers to check for syntactic errors in
certificates. However, I interpreted "thorough syntactic checks on
certificates" to mean that browsers should be performing checks such as
the ones described in
On Fri, 4 May 2018 14:51:47 -0400
"David A. Cooper" wrote:
> Section 4.1.1.4 says "Unfortunately, experience suggests that many
> browsers do not perform thorough syntactic checks on certificates, and so
> it seems unlikely that browsers will be a reliable way to detect
draft-ietf-trans-threat-analysis-13 has a number of issues that ought
to be fixed before it's published.
A. Logs do not check for syntactic misissuance
Sections 4.1.1.1 and 4.2.1.1 give the impression that logs check,
or ought to check, submitted certificates for syntactic misissuance.
Page 20
On 04/16/2018 05:01 PM, Paul Wouters
wrote:
Hi,
This starts a 3 week WGLC for draft-ietf-trans-threat-analysis
Previously, there were some contentious issues regarding the dual
CA
attack that dkg came up with. The current
Hi,
This starts a 3 week WGLC for draft-ietf-trans-threat-analysis
Previously, there were some contentious issues regarding the dual CA
attack that dkg came up with. The current version should address all
those issues. But since it has been a (very!) long time since this
document was discussed
14 matches
Mail list logo