While I agree that it needs to be addressed, I'm not sure I want to enlarge
the scope when our success will depend on our ability to handle the workload
and address and resolve the issues presented.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Phillip Hallam-Baker
Sent: Tuesday, September 04, 2012 10:29 AM
To: Carl Wallace
Cc: [email protected]; Jon Callas
Subject: Re: [wpkops] Second draft charter proposal

I would like to see us 'do' something 'about' client authentication.

But I don't see much of a client PKI out there to be operated, I think we
are going to have to 'build stuff' to fix it. So I don't think it's a PKI
operations issue.

I would prefer to see a separate, security area WG to look into the client
ops side. In particular I don't want to spend time trying to work out how to
automate the 'certificate lifecycle' premised on the idea that client certs
expire on an annual basis in a group where we can't ask why the cert has to
expire.

On Thu, Aug 30, 2012 at 12:31 PM, Carl Wallace <[email protected]>
wrote:
> On 8/30/12 12:28 PM, "Jon Callas" <[email protected]> wrote:
>
>>On Aug 30, 2012, at 9:18 AM, Carl Wallace wrote:
>>
>>>> And for issuers, it can be difficult to predict what proportion of 
>>>> the user population will accept a certificate chain with certain 
>>>> characteristics.  For instance, when a browser includes a nonce in 
>>>> an OCSP request but the server supplies a response that does not 
>>>> include the nonce, it is hard to know which browsers will accept 
>>>> and which will reject the response.
>>>>
>>>>
>>>>
>>>
>>> Is client authentication processing performed by web servers in scope?
>>> If not, explicitly push that out of scope.
>>
>>It would be nice if it were in scope. Client authorization is a vastly 
>>under-used feature.
>>
>>I wouldn't want to endanger everything else over it, but if we keep 
>>sweeping it under the rug, it will continue to languish.
>
> I agree and would like to see it stay in scope as well.
>
>
> _______________________________________________
> wpkops mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/wpkops



--
Website: http://hallambaker.com/