Hi Bruce,
Here are my comments on this version.
1. There is a potential problem with the scope/Introduction of the
document, since it only covers trust between the browser and the
subscriber, when what really matters is trust between the RP and the
subscriber. How is this gap to be covered?
2. Section 2.1. 3rd para insert may -> The root store provider "may"
require the root CA....
Rationale. If the root store provider can verify a CA simply because it
has been accepted by another root store provider, as per the second
paragraph, then conversely, it may not require it to be annually audited
but may remove it only when the other root store provider removes it.
3. Section 2.3 insert may -> The subscriber may identify...
Rationale. This more accurately reflects the current situation today,
doesn't it?
4. Section 3.2.3. A third party RA is not identified in a CA certificate
as anything, is it? Remove "as an issuing CA" as this implies it is
identified as something else.
5. What is the relevance of section 3.3.1? If a third party is
subcontracted to a party to do work on its behalf, then the party is
ultimately responsible for this and there is no need to mention it.
6. Section 5.2. Non-unique names. It is unclear whether non-unique names
refers to Internet wide unique names, or only to CA wide unique names.
Be explicit.
regards
David
On 11/10/2013 13:02, Bruce Morton wrote:
The Trust Model draft has been updated.
Bruce.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, October 09, 2013 8:47 AM
To: Inigo Barreira; Bruce Morton
Subject: New Version Notification for draft-barreira-trustmodel-00.txt
A new version of I-D, draft-barreira-trustmodel-00.txt has been successfully
submitted by Inigo Barreira and posted to the IETF repository.
Filename: draft-barreira-trustmodel
Revision: 00
Title: Trust models of the Web PKI
Creation date: 2013-10-09
Group: Individual Submission
Number of pages: 9
URL: http://www.ietf.org/internet-drafts/draft-barreira-trustmodel-00.txt
Status: http://datatracker.ietf.org/doc/draft-barreira-trustmodel
Htmlized: http://tools.ietf.org/html/draft-barreira-trustmodel-00
Abstract:
This is one of a set of documents to define the operation of the Web
PKI. It describes the currently deployed Web PKI trust.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
wpkops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/wpkops