On Tue, Aug 26, 2014 at 10:44 PM, Yoav Nir <[email protected]> wrote:
> Hi folks
>
> In the last few days, we’ve had a bunch of threads re-opening issues with
> key-pinning, mostly around the PKP-RO.
>
> This document has gone through years of discussion on the mailing list, a
> WGLC and an IETF LC.
>
> The document is now under review by the IESG. We (the working group) and the
> authors need to address comments and discuss ballots by members of the IESG.
> This is an inappropriate time to raise new substantive issues about the
> document.

PKP-RO isn't a new issue.

The initial draft of PKP-RO was claimed to "follow the same syntax and semantics of the Public-Key-Pins header" [1]. But the text was unclear.

When we discussed this in February Ryan proposed to not store PKP-RO pins [2,3]. Myself, Daniel Kahn-Gillmor, and Tom Ritter proposed to store them [4,5,6], and Chris added text for this [7,8,9,10].

I later discussed other cleanup of the PKP-RO text [11]. As part of that Chris changed some of the wording to *not* store PKP-RO pins [12]. I pointed out the discrepancy and that "I thought we decided the opposite" a couple times [13,14], but there was a misunderstanding and he changed things more towards *not* storing PKP-RO [15].

A couple days after you declared "this working group has done as much as we can", and further discussion would be "counter-productive" [16].

But I still think storing PKP-RO would be better, and seemed to be the group's preference.

Trevor

[1] http://www.ietf.org/mail-archive/web/websec/current/msg01539.html
[2] http://www.ietf.org/mail-archive/web/websec/current/msg02030.html
[3] http://www.ietf.org/mail-archive/web/websec/current/msg02037.html
[4] http://www.ietf.org/mail-archive/web/websec/current/msg02042.html
[5] http://www.ietf.org/mail-archive/web/websec/current/msg02043.html
[6] http://www.ietf.org/mail-archive/web/websec/current/msg02044.html
[7] http://www.ietf.org/mail-archive/web/websec/current/msg02051.html
[8] http://www.ietf.org/mail-archive/web/websec/current/msg02054.html
[9] http://www.ietf.org/mail-archive/web/websec/current/msg02055.html
[10] http://www.ietf.org/mail-archive/web/websec/current/msg02069.html
[11] http://www.ietf.org/mail-archive/web/websec/current/msg02075.html
[12] http://www.ietf.org/mail-archive/web/websec/current/msg02081.html
[13] http://www.ietf.org/mail-archive/web/websec/current/msg02084.html
[14] http://www.ietf.org/mail-archive/web/websec/current/msg02094.html
[15] http://www.ietf.org/mail-archive/web/websec/current/msg02097.html
[16] http://www.ietf.org/mail-archive/web/websec/current/msg02100.html
