On 12/17/2012 04:51 PM, Ben Laurie wrote: >> (2) abstract: "domain owners or their agents" makes it sound >> like I might have to pay to monitor; be good to re-assure that >> no such constraint is planned. (Such re-assurance doesn't need >> to be in the abstract, arguably not even in the draft, but >> also arguably ought be somewhere.) While its none of the >> IETF's business who charges for what in general, in this case, >> where there has been ongoing negative comment on the impact of >> PKI business models on Internet security, I do think it'd be >> good for the authors of proposals to be clear how they think >> they're affecting such charging issues. Personally, I guess >> that since EFF and some academics have been able to afford to >> populate large databases of TLS server certs, this shouldn't >> become a huge barrier, but it could in principle impose new >> subscription costs or constraints on TLS servers or even >> clients and that might not be a good plan. > > Well, a log isn't much use unless it is public - but I don't really > know how to say much about who charges for what. We can state our > intent to run free services, but presumably not in an RFC. So ... I > don't really know how to address this.
Yeah that's fair I guess. Maybe if it said that the intent of the RFC is that logs be public & open and SHOULD NOT require subscriptions or authentication for basic operation? S. > _______________________________________________ > therightkey mailing list > therightkey@ietf.org > https://www.ietf.org/mailman/listinfo/therightkey > > _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
