Carlos,
Karen/Steve,
Sorry for getting back to this late.
Andy is right on the money: the text in validation-reconsidered has
possible 'things that can go wrong' that could be removed, but the main idea,
as Andy says, is to engineer robustness into the system in a way that
the system will be more resilient in the face of unexpected events that
we might or might not have thought about.
I agree that improving system robustness is a generally good idea.
However, if one argues for a major change to the existing system,
the justification needs to be precise, compelling, and well
defined.
Addressing unanticipated events is a good idea too, but addressing
anticipated, clearly identified events seems even more important.
That's why I believe we ought to take into account the events described
in adverse actions when we consider making any significant change to
the cert path validation algorithm.
Now, if you are proposing that we could have a single document
enumerating threats and 'other things that could go wrong', I think I
could agree with that on the understanding that we agree to clearly
separate threats from remediation proposals. This probably means
removing some text from Steve's draft as well.
I stated that I would remove the sections on detection and remediation
during the meeting. By the end of this week I hope to have a new version
posted which does that, and which adds a generic, additional concern that
addresses the issue Sriram raised. The revised adverse actions document
should meet the criteria you state above.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr