Hi Ryan. You are exactly right. And, if that is how I should read the fact that we haven't generated more evidence that product developers are interested and prepared to act on the results of the projected second phase, then I am comforted.
Thanks for reiterating your support. All the best. Tim. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Sleevi Sent: Wednesday, October 17, 2012 2:42 PM To: Tim Moses Cc: [email protected] Subject: Re: [wpkops] Support for this activity from product developers? On Wed, October 17, 2012 11:13 am, Tim Moses wrote: > Colleagues - One of the premises of this initiative (perhaps the main > premise) was that product developers would be willing to be governed > by the results of an industry consensus process when it comes to > handling certificates and acting on the results of certificate > validation. That is, that developers would see value in claiming > conformance to any resulting standard. For instance, suppose > consensus were to emerge that certain certificate validation failures > should be "fatal" (i.e. the associated application should refuse to > perform the requested operation), would application developers be > willing to modify their products accordingly? > > Nothing in the discussions on the list to date confirms or refutes > the premise. I think it would be useful to hear from developers of > relevant products how they would view the outcome of this type of IETF > initiative. > > Thanks a lot. All the best. Tim. > > T: +1 613 270 3183 Tim, According to your current (third) charter proposal: "Future activities may attempt to prescribe how the Web PKI "should" work, and the prescription may turn out to be a proper subset of the PKIX PKI. However, that task is explicitly not a goal of the proposed working group. Instead, the group's goal is merely to describe how the Web PKI "actually" works in the set of browsers and servers that are in common use today." This would suggest that the current work is not to the production of normative work product for any of the participants in the "Web PKI", but rather informative work. It seems like discussion about the introduction of normative behaviours, for applications or for authorities, was something that was explicitly being avoided, as discussed during the scoping thread, until such a time as the WG had worked to produce informative work. At present, I'm very supportive of the work set out in the proposed charter, but further broadening the charter to include normative work may, I fear, prevent the delivery of useful and relevant documentation that can be used today. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
