Ryan,
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On May 21, 2018 2:40 PM, Ryan Sleevi <[email protected]> wrote:
> Thanks for the replies, Stephen.
>
> Given the disagreements in interpretation and application of 6962-bis, it
> sounds like this document should not progress until we've resolved those
> matters in 6962-bis. Does that sound like a reasonable path forward?
Yes, but I will post a new version of the threat doc with all of the changes I
promised to make in my replies to David and Andrew.
> I don't feel comfortable that this document describes the running code, and
> I'm hesitant to believe we'll get rough consensus because of it, so that
> might be a worthwhile path forward here.
Unfortunately, 6962-bis completed WGLC over 6 months ago, so it had the
consensus of the WG at that time, as determined by the chairs.
> Given the issues Andrew has pointed out, which I'm largely agreeing with or
> contextualizing, would you feel comfortable proposing changes to 6962-bis on
> areas you feel it disagrees with the feedback, or is that something that you
> would feel more confident if Andrew and I do? If they are accepted, would you
> feel comfortable making these changes to the threat document?
I proposed numerous changes to 6962-bis over a several year interval. A few
were adopted but many were not, e.g., the definition of the Monitor function.
6962-bis never defined mis--issuance, not does it provide a concise
characterization of the broad purpose of CT. I included these things in the
threat analysis (and in some docs that were not adopted by the WG). If 6962-bis
were revised to address these omissions, the threat analysis doc would be
revised accordingly. But, you need to get the WG chairs and the cognizant AD
(EKR) to agree to make such changes to 6962-bis at this very late stage.
> As it stands, I don't feel like the threat document is reflective of intent
> or practice, and that leaves me a bit concerned about its general utility for
> future readers.
The analyses in the threat doc are based primarily on what 6962-bis says re how
CT will operate. Intent is not clearly stated in several areas and, from what
you and Rob have said, it may not reflect practice either. But, those issues
are for the authors of 6962-bis to address, not me.
Steve
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
