Colleagues - As discussed, the idea is to document the Web PKI as it is practiced today. Generally, that means considering product versions other than the most recent one from each significant supplier. But, in order to keep the workload at a manageable level, we will have to eliminate product versions that are seldom encountered today. Without making reference to specific products and versions, it's tough to come up with an objective criterion for identifying the versions that deserve to be documented. Therefore, I believe we have to rely on experts' judgments.
As a guide, we might agree that, in order to warrant consideration, a technique must be involved in more than one percent of connections that use the Web PKI. While we would not attempt to apply this threshold with any precision, contributors may appeal to it in order to justify their exclusion of a particular technique. Then the disputant would be called upon to demonstrate that the technique was more prevalent. What do others think? All the best. Tim. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
