Nico,
On Thu, May 22, 2014 at 1:48 PM, Stephen Kent <[email protected]> wrote:
That's a very confusing last phrase.
I had no problem reading it.
A literal reading of it is as sarcasm. If that's PHB's intent, fine, but
I just wanted to verify that there was no typo.
I saw no sarcasm in it.
I was just confused, as I said. PHB's reply was helpful.
In other words, your concern is about CT in general, not DNSSEC in
particular. Sounds like a separable issue to me. But if CT makes sense then
it makes sense for DNSSEC.
yes, my complaint about a lack of a doc describing CT architecture is not
specific to the CT for DNSSEC discussion.
We agree.
OK.
CT may be appropriate for the Web PKI, w/o being a great idea for DNSSEC.
I take it you concede that lack of name constraints isn't the only
reason to want CT.
agreed.
I'll concede that CT for DNSSEC might not be a good idea. Did I ever
say it is? I started the discussion with an inference: CT is for
PKIs, DNSSEC is a PKI, therefore CT fits DNSSEC, discuss.
I thought you did. I think CT for the Web PKI needs is missing an arch
doc, and absent that doc it's now clear how good CT is for that case.
This I consider it premature to suggest CT for DNSSEC is an obvious next
step, as some have suggested.
Until we have a doc that describes the architecture, we can't evaluate how
good it is in either context.
We have a doc; it's missing important things. I agree. But I think
we can have some of this discussion given what we know now. Indeed,
we've been having this discussion, and important things have come up
(privacy protection, spam).
The experimental RFC does not provide a comprehensive problem statement,
a clear description of all of the elements of a proposed solution, an
explicit discussion of all of the assumptions that appear to underlie the
design, i.e., what must happen for CT to achieve its goals, and an
analysis of what happens if some (implicit) assumptions are not satisfied.
I'm going to develop what I see as the missing arch doc, to elicit
feedback from the WG and the RFC authors. The WG can decide whether this
is necessary, but I believe the exercise will, in any case, be useful.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans