Hi, all: The discussion seems to have settled out, and this is a check to see where we stand. First, in general it sounds like there's a need for a client behavior document regardless, and we'll take the mechanics of that to a separate discussion. Second, Richard proposed two auditing models (one STH and dynamic inclusion proofs, and many STHs and static inclusion proofs), which in turn led to a discussion of what sort of TLS client we're targeting, in the first place. That we're covering browsers seems uncontroversial but there's not agreement on clients beyond that (for example, command-line or batching tools like curl and wget). I think this is where I need to point out that our current deliverables specify HTTP over TLS but not browsers, even though our documents tend to focus on browsers, and the charter discusses the possibility of addressing other, non-HTTP applications.
I think it would be probably be useful to have another call. Would people involved in this discussion be up for a call next week? Melinda
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
