Hi David, I have provided some responses to your comments below.
Thank you for your input. All the best, Bruce.

-----Original Message-----
From: David Chadwick [mailto:[email protected]]
Sent: Monday, October 14, 2013 7:52 AM
To: Bruce Morton; wpkops WG ([email protected]) ([email protected])
Subject: Re: [wpkops] FW: New Version Notification for draft-barreira-trustmodel-00.txt

Hi Bruce

here are my comments on this version

1. There is a potential problem with the scope/Introduction of the document, since it only covers trust between the browser and the subscriber, when what really matters is trust between the RP and the subscriber. How is this gap to be covered?

[Bruce Morton] - I tend to agree with you, but we were reminded that the Charter states "authenticity of communications between Web browsers and Web content servers." As such we removed references to relying parties.

2. Section 2.1. 3rd para insert may -> The root store provider "may" require the root CA.... Rationale. If the root store provider can verify a CA simply because it has been accepted by another root store provider, as per the second paragraph, then conversely, it may not require it to be annually audited but may remove it only when the other root store provider removes it.

[Bruce Morton] - Agreed.

3. Section 2.3 insert may -> The subscriber may identify... Rationale. This more accurately reflects the current situation today, doesn't it?

[Bruce Morton] I am not sure "may" applies. The Trust Model is assuming that the Subscriber has a Web server with a domain name. Can you give an example?

4. Section 3.2.3. A third party RA is not identified in a CA certificate as anything, is it? Remove "as an issuing CA" as this implies it is identified as something else.

[Bruce Morton] I have no issue with making this change.

5. What is the relevance of section 3.3.1? If a third party is subcontracted to a party to do work on its behalf, then the party is ultimately responsible for this and there is no need to mention it.

[Bruce Morton] The purpose of mentioning this is that the basic trust model suggests that the Subscriber manages their own Web server and certificates. The EV Guidelines and the Baseline Requirements allow an authorized agent to represent the Subscriber. In some cases the authorized agent might represent many Subscribers.

6. Section 5.2. Non-unique names. It is unclear whether non-unique names refers to Internet wide unique names, or only to CA wide unique names. Be explicit.

[Bruce Morton] We consider a fully qualified domain name to be unique as the domain root is registered. We consider names that cannot be registered as non-unique as many Subscribers could use the same name. So would it be sufficient to state "Internet non-unique name"?

regards

David

On 11/10/2013 13:02, Bruce Morton wrote:
> The Trust Model draft has been updated.
>
> Bruce.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, October 09, 2013 8:47 AM
> To: Inigo Barreira; Bruce Morton
> Subject: New Version Notification for draft-barreira-trustmodel-00.txt
>
>
> A new version of I-D, draft-barreira-trustmodel-00.txt has been successfully
> submitted by Inigo Barreira and posted to the IETF repository.
>
> Filename: draft-barreira-trustmodel
> Revision: 00
> Title: Trust models of the Web PKI
> Creation date: 2013-10-09
> Group: Individual Submission
> Number of pages: 9
> URL: http://www.ietf.org/internet-drafts/draft-barreira-trustmodel-00.txt
> Status: http://datatracker.ietf.org/doc/draft-barreira-trustmodel
> Htmlized: http://tools.ietf.org/html/draft-barreira-trustmodel-00
>
>
> Abstract:
> This is one of a set of documents to define the operation of the Web
> PKI. It describes the currently deployed Web PKI trust.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> wpkops mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/wpkops
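The distinction drawn in point 6 above (a fully qualified domain name under a registered domain is Internet-unique; a name that cannot be registered is non-unique because many Subscribers could share it) can be turned into a check over the names in a certificate. The Python below is an added example written for this page, not code from draft-barreira-trustmodel or from either correspondent. It assumes a small hand-picked subset of the Public Suffix List and a constructed list of sample names, and it also applies the same "could this be registered / globally routed" test to IP address entries, which goes slightly beyond the domain-name case the thread discusses.

```python
"""Classify certificate subject names as Internet-unique or non-unique.

Added example for this page, not code from draft-barreira-trustmodel or the
thread. Rule applied: a name is Internet-unique when a Subscriber could
register it under a public suffix (or when it is a globally routed IP);
otherwise any number of Subscribers could use the same name, so it is
non-unique.
"""
import ipaddress

# ASSUMPTION: a hand-picked subset of the Public Suffix List, just large
# enough for the sample names below. A real check loads the full list
# (https://publicsuffix.org/) and keeps it current.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "ac.uk"}


def public_suffix(hostname):
    """Longest public suffix matching hostname, or None if none matches."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # longest candidate is tried first
        if candidate in PUBLIC_SUFFIXES:
            return candidate
    return None


def classify(name):
    """Return (verdict, reason); verdict is 'unique' or 'non-unique'."""
    # iPAddress entries: RFC 1918, loopback, link-local and test-net ranges
    # are not globally routed, so many Subscribers may legitimately use them.
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.is_global:
            return ("unique", "globally routed IP address")
        return ("non-unique", "private, loopback or reserved IP address")

    host = name.lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]  # a wildcard is exactly as unique as its base domain
    if "." not in host:
        return ("non-unique", "unqualified single-label name")
    suffix = public_suffix(host)
    if suffix is None:
        return ("non-unique", "no registrable public suffix")
    if host == suffix:
        return ("non-unique", "a public suffix itself cannot be registered")
    return ("unique", "FQDN registered under public suffix ." + suffix)


# Constructed sample SAN entries for this example; not from any real
# certificate.
SAMPLE_NAMES = [
    "www.example.com",
    "*.example.co.uk",
    "intranet",
    "mail.corp.local",
    "co.uk",
    "10.0.0.5",
    "8.8.8.8",
]


def audit(names):
    """Map each name to its (verdict, reason) pair."""
    return {n: classify(n) for n in names}


if __name__ == "__main__":
    for name, (verdict, reason) in audit(SAMPLE_NAMES).items():
        print(f"{name:18} {verdict:11} {reason}")
```

The toy suffix set keeps the result deterministic; against a real certificate the same logic would be run with the full Public Suffix List, and any name the check marks non-unique is one that, in the draft's terms, gives a browser no Internet-wide identity to bind the certificate to.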
