On Wed, Jun 15, 2016 at 10:29:15PM +0000, Salz, Rich wrote:
> > CT doesn't require everything on the web to be public. It only requires
> > everything authenticated by the web PKI to be public.
>
> Pretending that anyone can get an interoperable private PKI that's usable
> by common browsers (Chrome Safari at least) is, well, just that: pretending.

Now you're moving the goal posts. You said nothing about widely interoperable, and in fact, it's completely contrary to the idea of something that is "private". You can't have "private" and "accessible to lots of people", the world just doesn't work that way. Anything that's private enough that accidental or malicious disclosure isn't a significant risk is also going to be accessed by a sufficiently small group, or in a suitably constrained environment, that managing a private PKI is a smaller cost (and one which is paid by the beneficiary) than the external cost imposed upon the web PKI by redaction and other forms of attempted secrecy.

For my money, I think redaction should go from 6962-bis. To my knowledge, the implementations of redaction are far less mature than the implementations of the rest of the spec, the one major client-side implementation of CT has made a policy decision not to support it, and there's still a number of different proposals to make it less prone to attack (hashed labels, et al). I believe that it would be straightforward to retrofit it into the system with a separate RFC at a later time, when all the kinks have been worked out, so there's no reason not to remove it now and have those people who believe redaction is worth pursuing work on it separately.

- Matt
