Ben,
...
Stephen also asked for a description of how CT would be incrementally deployed,
and he doubted that a flag day would be viewed as credible.
But we're marching towards a flag day now.
Google has chosen to adopt a flag day approach for its 6962 deployment.
This WG gets to make it's own decision on this topic. But, in any case,
6962-bis
needs to state explicitly whether it assumes a flag day or incremental
deployment.
He also suggested trying to
simplify precertificates or come up with alternatives, and that's
captured in Ticket #26, but that's unlikely to be done in time to help
any CAs before January.
Not an issue for this WG, because you're discussing a Google-centric
activity, not
the standard that this WG is developing, right?
I don't think it is correct to characterise what we're doing as a flag
day. You can absolutely deploy CT before we switch it on in Chrome.
What we're marching towards is a deadline, a completely different
thing.
What can be deployed before this WG is done is an implementation of an
experimental
protocol, not the standards track protocol being developed. How is the
deployment
of that experimental protocol relevant to the discussion of what is in the
standards track doc?
On precertificates, one thing I should clarify is that Google will not
be adopting 6962-bis before January, even if it is done by then, for
the obvious reason that there's not going to be enough time.
again, I assume our ongoing discuss is about 6962-bis.
However, we are working towards supporting the private domain label
extension as a retrofit to 6962, since we've heard from CAs that it is
important to them.
Wouldn't this require CAs to reissue CA certs to the private domains?
have CAs said that they view it as feasible to perform such re-issuance
in the time frame you noted? Never mind, that another 6962 topic, not a
6962-bis topic.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
