Eran,
Thanks for being willing to make changes to the Monitor description.
the next text is better, but, IMHO it still has problems. For example
Monitors watch logs to check that they behave correctly, for
certificates of interest, or both. For example, a monitor may be
configured to report on all certificates that apply to a specific
domain name when fetching new entries for consistency validation.
A monitor needs to, at least, inspect every new entry in each log it
watches.
The first sentence is very confusing. I still think the primary job of a
monitor
is to observe logs for cert "of interest" not to detect log misbehavior.
The latter
function is the focus of auditing. Why make one (of 4) types of log
misbehavior a
function for Monitors? Why not focus exclusively on log observation? The
characterization of monitoring in the introduction (page 4) says:
* Those who are concerned about misissuance can monitor the logs,
asking them regularly for all new entries, and can thus check whether
domains they are responsible for have had certificates issued that
they did not expect.*
Thus the changes I have requested are consistent with what the doc
already says.
The "for example" sentence also isn't great from a standards
perspective. First, it's
just an example, and "domain" isn't defined. Also it again focuses on
consistentcy
validation for a log instead of protecting Subjects by detecting issuance of
bogus certs.
I cold go on, but I think you get the sense of my concerns.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
