I'm glad to hear it, and looking forward to it. I'd like to ask about the two things that seem really necessary to me; sometimes a technical RFC lacks within it the rationale for why we do things. I've been creating essentially a white paper at the same time as writing comments and some prescriptive thoughts on privacy.
There's a fundamental disagreement here over why we would want privacy and transparency on a variable slider, and ultimately, it comes down to the motivations of the entities involved. Some of us want to sell a product that provides privacy, and some of us want to sell a product that is only possible with transparency. Let's not pretend that we're not all faced with differing incentives. I've been on this list for a while, and very quiet because in general, it seems like a fool's game to try to argue people out of acting in their best interests. It wasn't until now that I had a solid idea of what would be useful to this process. There are some very smart people in information security. There are those with strong inclinations towards advocating privacy at multiple levels of organizational size from a individual to a YUUUUUUGE company (sorry, couldn't resist, and we all need to laugh a bit now and then). There are those who see full transparency as a virtue and I can certainly understand why, both on an ideological and a financial level. I've watched this situation be cautiously talked around for months now, and I'd be interested to hear people's thoughts on asking some unassailably corporate-neutral experts on both sides of this debate to provide guidance. Whose opinion are you interested in hearing on whether or not permitting certificate privacy and accepting it as a browser standard is a good idea? I'm putting myself and Symantec out there in a vulnerable way; I and we might not always hear what we want to hear, but every one of us wants to make the internet better in the way we believe will work best. Respectfully, Tarah Wheeler Principal Security Advocate Senior Director of Engineering, Website Security Symantec [email protected]<mailto:[email protected]> From: Eran Messeri <[email protected]<mailto:[email protected]>> Date: Tuesday, November 15, 2016 at 6:17 PM To: Tarah Wheeler <[email protected]<mailto:[email protected]>> Cc: Rob Stradling <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Trans] Call for adoption: draft-strad-trans-redaction-00 AIUI
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
