On Sun, Aug 26, 2018 at 10:19 PM Paul Wouters <[email protected]> wrote:
> On Thu, 23 Aug 2018, David A. Cooper wrote:
>
> > I would also like to note again, given the nature of
> > https://www.ietf.org/mail-archive/web/trans/current/msg03225.html, that I submitted the comments on May 9
> > specifically because of a request from the WG chairs
> > (https://www.ietf.org/mail-archive/web/trans/current/msg03146.html) to "please review the entire document." So, any
> > implication that there was something inappropriate about submitting comments on new issues after draft -13 was
> > published is rather unfortunate.
>
> Indeed. Due to the long delays between draft versions we encouraged
> people to look at the entire document again. And seeing how it has
> taken a lot of time again, any new WGLC on this document would also
> be phrased like this.

I've been working to review the latest changes from Draft-15, and conducting this as a complete and comprehensive review. I am fairly concerned with the state of the document, in terms of conflicts between various descriptions, alternating between descriptive and prescriptive advice, multiple absolutes (e.g. "Only if", "unless a") for unknown or unimplemented quantities, and both omissions of attacks that have been discussed rather substantially in the CT space - such as maliciously logged certificates, which touches on everything from redaction to revocation - and its inclusion of attacks that are not relevant or applicable for the described problem space (Web PKI).

I've been working to gather rather comprehensive feedback on this, but in reviewing that with others to make sure I've not missed something, it was pointed out to me the ambiguous state of where this document stands and whether such feedback is valuable and useful to the efforts of the WG.

Could the chairs clarify: Given Draft-15 has been published, is there an intent to surface a new WGLC? Or is the view that Draft-15 should only address the specific feedback raised, and no new issues can be noted?

As it stands, I don't believe the document is reflective of the existing or proposed CT ecosystem as it relates to the Web PKI, nor accurate in the problems it does describe or addressing the problems that many in the ecosystem are concerned about.

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
