On Tue, Jan 31, 2017 at 7:50 PM, Salz, Rich <[email protected]> wrote:
> > We don't have consensus. We're deadlocked and we're not getting > > sufficient input from the working group to break the deadlock. > > Well, yeah, that's why you get paid the big bucks, right? :) > > > Paul and I can make a decision on the particular question that's a > problem but > > it probably means an appeal and further delay. > > That's the process. > > > Frankly, this working group was chartered under the assumption that the > > goal was detection, not prevention. > > That's my perception as well. Is there anyone who thinks prevention was > part of the scope? > I think this is painting with a bit too broad a brush. One needs to talk about detection under a specific threat model, as I indicated previously. Specifically, there seem to be a number of potential threat models: 1. CAs make mistakes but aren't malicious. 2. CAs are malicious but logs are not 3. CAs and logs are both malicious What technological solution is adequate to detect misissuance depends on which of these three threat models you think applies. -Ekr
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
