All - I have no fundamental objection to expanding the scope in the ways suggested.
It's true that the original idea was to limit the scope to server-auth to Web browsers. That's because vulnerabilities have been demonstrated and the impact can clearly be severe. Do those conditions exist for client-auth and CalDAV? If not, I might assign them lower priority. On the other hand, if they impact the workload by no more than (say) 10%, why wouldn't we include them? I think it's important to remember that increased workload must be borne not just by the editors but also by the reviewers (every subscriber to the mail-list). All the best. Tim. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Carl Wallace Sent: Thursday, August 30, 2012 12:31 PM To: Jon Callas; [email protected] Subject: Re: [wpkops] Second draft charter proposal On 8/30/12 12:28 PM, "Jon Callas" <[email protected]> wrote: >On Aug 30, 2012, at 9:18 AM, Carl Wallace wrote: > >>> And for issuers, it can be difficult to predict what proportion of >>> the user population will accept a certificate chain with certain >>> characteristics. For instance, when a browser includes a nonce in >>> an OCSP request but the server supplies a response that does not >>> include the nonce, it is hard to know which browsers will accept and >>> which will reject the response. >>> >>> >>> >> >> Is client authentication processing performed by web servers in scope? >>If >> not, explicitly push that out of scope. > >It would be nice if it were in scope. Client authorization is a vastly >under-used feature. > >I wouldn't want to endanger everything else over it, but if we keep >sweeping it under the rug, it will continue to languish. I agree and would like to see it stay in scope as well. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
