Rob,
On 29/09/15 16:54, Stephen Kent wrote:
...
(one of which was derived from 6962-bis!).
Which is still a work in progress. ;-)
yes, in progress for a long time, especially compared to how long
I've been working on the arch doc ;-).
...
I thought the intent was for 6962-bis to describe "the protocol" as
well as log operation.
certainly 6962-bis should describe how all log clients interact with it.
is that the "protocol" to which you allude above?
Yes. I also consider the CT-specific parts of network interactions
between TLS clients and TLS servers to be part of "the protocol".
on this point we may disagree. there are several protocols (not one)
that make up the
CT system: the comms used between the log and each of its clients,
comms between a TLS client and a server (which vary depending depending
on how SCTs are delivered), comms between a web site and a thrid-party
Monitor,
and several protocols used to support the Auditor function (gossiping).
So, when you to "the protocol" it's hard for some of us to know which ones
you have in mind. if it's all of them, then I definitely disagree that
they all belong in 6962-bis.
6962-bis has never tried to cover gossip.
agreed.
Ripping out the TLS client/server comms from 6962-bis in the hope that
somebody will specify this in some future doc doesn't seem like a good
idea to me.
it's being done in the arch doc now. If the WG decides that we should have
separate specs for each elements (which I support) then we can extract text
from the arch doc and put it into those separate specs, making the arch doc
shorter and more consistently high level.
It is relevant to CAs, but I believe that CA requirements, other than
how to interact with the log, should not be part of 6962-bis.
Are there any specific "CA requirements" currently in 6962-bis that you
think should be removed from 6962-bis? I can't find any that would fall
outside of "how to interact with the log".
right now, no.
I did think of a few of examples from your discussion of redacted certs.
Text in
3.2.2 tells a CA how to create a name-redacted pre-cert. This seems
irrelevant to log
processing of pre-certs, since it doesn't appear to be a constraint
enforced by a log.
Text in 3.2.3 seems to be a set of directions to a CA, and maybe checks
to be performed by
a TLS client, but not constraints checked by a log. These are examples
of text that
was included in 6962-bis because it needed to be somewhere, but it does
not fit the
notion of log/client interface description.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
