All - Here's what I had in mind. Tell me if you think it won't work. (What am I saying? Of course you're going to tell me.)
I saw the purpose of this project as "identifying issues" with the way that the Web PKI works, based on a complete and common understanding. We may have different opinions on which of those issues needs to be addressed and with what priority. But, there will be less room for dispute over whether or not the issue exists, or the extent to which it exists. I didn't want to commit to writing requirements unless and until we have the enthusiastic participation of the browser and Web server suppliers. Without their involvement, there is no reason to believe that they would accept such requirements, or that significant considerations had been omitted or misunderstood when writing them. Documenting how things "actually" work (I hope) will foster a well-informed discussion about what works well and what could work better. The discussion may occasionally stray into potential solutions. And, while such discussions would be out-of-scope, and therefore have to be cut short, it should be easier to agree what further actions are required. So, in a sense, there are two types of deliverable: the BCP or info RFCs, and the mail-list discussion about what to do next. And, if we are successful, the latter will be the more valuable. All the best. Tim. -----Original Message----- From: Stephen Farrell [mailto:[email protected]] Sent: Tuesday, August 28, 2012 5:04 PM To: Tim Moses Cc: 'Randy Turner'; [email protected] Subject: Re: [wpkops] Scope So in addition, I was hoping this group would document use-cases and requirements for new protocols or changes to current protocols if the wg figure some are needed so that we could spin-up short-lived SEC or other WGs as needed. I'm not gonna stamp my feet if folks don't want to do that but I'd hope to get that kind of output so's we can concentrate on new protocol work in this space that'll be more likely to get adopted. (I would stamp my feet if folks wanted to specify new protocols in this group.) Cheers, S. On 08/28/2012 08:29 PM, Tim Moses wrote: > Hi Randy. That's right. Hopefully, this will be a precursor to fixing some > of the issues with the Web PKI. But, step one is to "catalog" what we have. > So, we'll start by producing a set of BCPs that document major aspects of the > Web PKI as it is generally practiced today. > > All the best. Tim. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Randy Turner > Sent: Tuesday, August 28, 2012 3:26 PM > To: [email protected] > Subject: Re: [wpkops] Scope > > > Hi Tim, > > So, in a nutshell (because this is an OPS effort), we're doing to: > > 1. Document existing practice, given the most prevalent products, and > 2. Given existing practice, analyze this existing practice for a set > of BCPs > > Is this correct? > > Thanks! > Randy > > On Aug 28, 2012, at 9:59 AM, Tim Moses wrote: > >> Hi Rick. I completely agree. It's covered in the last paragraph of the >> draft charter. In the near future I'll distribute an updated charter >> proposal. All the best. Tim. >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Rick Andrews >> Sent: Tuesday, August 28, 2012 12:56 PM >> To: Adam Langley; Tim Moses >> Cc: [email protected] >> Subject: Re: [wpkops] Scope >> >> Tim, I think the 1% fuzzy threshold is fine. But I really hope that the sum >> total of connections that use Web PKI includes mobile browsers and apps. >> I've heard anecdotally that mobile represents a large and ever-growing share >> of web use, and I think it's essential to include it. >> >> -Rick >> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On >>> Behalf Of Adam Langley >>> Sent: Tuesday, August 28, 2012 8:09 AM >>> To: Tim Moses >>> Cc: [email protected] >>> Subject: Re: [wpkops] Scope >>> >>> On Tue, Aug 28, 2012 at 10:58 AM, Tim Moses <[email protected]> wrote: >>>> Colleagues - As discussed, the idea is to document the Web PKI as >>>> it is >>> practiced today. Generally, that means considering product versions >>> other than the most recent one from each significant supplier. But, >>> in order to keep the workload at a manageable level, we will have to >>> eliminate product versions that are seldom encountered today. >>> Without making reference to specific products and versions, it's >>> tough to come up with an objective criterion for identifying the versions >>> that deserve to be documented. >>> Therefore, I believe we have to rely on experts' judgments. >>>> >>>> As a guide, we might agree that, in order to warrant consideration, >>>> a >>> technique must be involved in more than one percent of connections >>> that use the Web PKI. While we would not attempt to apply this >>> threshold with any precision, contributors may appeal to it in order >>> to justify their exclusion of a particular technique. Then the >>> disputant would be called upon to demonstrate that the technique was more >>> prevalent. >>>> >>>> What do others think? >>> >>> 1% seems reasonable although, if anything, a little high. There are >>> workarounds that apply to less than 1% but are, none the less, >>> important. But any number 0.1%..1% seems sane. >>> >>> >>> Cheers >>> >>> AGL >>> _______________________________________________ >>> wpkops mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/wpkops >> _______________________________________________ >> wpkops mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/wpkops >> _______________________________________________ >> wpkops mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/wpkops >> > > _______________________________________________ > wpkops mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/wpkops > _______________________________________________ > wpkops mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/wpkops > _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
