On 14/07/15 15:38, Stephen Kent wrote:
Rob,
...
Does _anyone_ care about IETF standards when it comes to UI?
Has IETF ever actually published any standards relating to web browser
UI?
rejecting a cert, as the doc in question has previously mandated (as
recently as the -05 version), is not just a UI issue, IMHO. It's protocol
behavior and, as I noted last year, it's protocol behavior that requires a
plan to deal with incremental deployment.
Less severe forms of discrimination against certs not accompanied by an
SCT may fall under the browser UI heading, and that they are not subject to
IETF standardization.
I agree that rejecting a cert is protocol behaviour.
However, I'm expecting that the "incremental deployment" will only
involve "less severe forms of discrimination". Only once the
"incremental deployment" is complete are we likely to see web browsers
starting to reject certs that are not accompanied by SCT(s), IMHO.
And clearly there's no need for a plan that would only be needed once
there's no longer any need for a plan. ;-)
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
