Hi, all:

We're looking for feedback on ticket 121
(https://trac.tools.ietf.org/wg/trans/trac/ticket/121).

The issue is this (from Steve Kent):

"After Prague I agreed that log metadata can be supplied by browser vendors for TLS clients that are browsers. However, max chain length, which was just discussed on the list (11/16-17/15), is an example of metadata that needs to be acquired by CAs, just like the public key for a log. The text in Section 9 needs to say more about how non-browser log clients are expected to acquire this data, or maybe it should say that separate docs defining requirements for each of these types of log clients will discuss this issue."


and where it currently stands is this (from Eran Messeri):

I agree that log metadata dissemination is a topic that should be more thoroughly discussed at some point. However, I do not think that 6962-bis is the right place for it. Steve has a very valid point about metadata not being specified in a machine-readable format, nor having a part of the protocol describing how it is disseminated.
I believe these issues should be addressed separately from 6962-bis, because:
The topic of log metadata is one level "above" what 6962-bis discusses.
The requirements for metadata dissemination are very different for each type of client. Disseminating metadata reliably is a protocol in itself, which (once the requirements are clear) deserves its own design. My suggestion is to punt the discussion until after 6962-bis is out. Presumably then there would be enough different clients implementing 6962-bis that disseminating metadata would justify more efforts from this workgroup.

This needs further discussion - should this go into a separate
document?

Melinda

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans