Hi Rob. I can't argue with that. But, isn't our focus more on design choices than implementation flaws? After all, IETF can help fix problems with protocol design and configuration, but there is less they can do about bugs.
Generally, I would be supportive of gathering more (rather than less) information. But, I am also acutely aware that we have to finish the project on schedule, and we are reliant on the good will of busy people. Having said all that, I don't object to sending the survey to all the CAs in the usual trust anchor lists. But, I wouldn't necessarily give high priority to chasing responses and analyzing them. I'm also happy to defer to the group if this is generally viewed to be of higher priority. All the best. Tim. > On Nov 27, 2013, at 9:30 AM, "Rob Stradling" <[email protected]> wrote: > >> On 27/11/13 13:27, Tim Moses wrote: >> Hi Rob. I would say "yes" to this if we thought it might uncover an issue >> that needed fixing. Otherwise, we might just be creating a lot of extra >> work for little benefit. >> >> What do you think? All the best. Tim. > > I have no idea if this would uncover any issues that would need fixing. > > But if we're going to scrutinize the commercial software, why wouldn't we > also scrutinize the in-house software? > > In-house software isn't any less likely to contain bugs just because it isn't > sold commercially! > >>>> On Nov 27, 2013, at 5:08 AM, "Rob Stradling" <[email protected]> >>>> wrote: >>>> >>>> On 26/11/13 23:46, Rick Andrews wrote: >>>> Folks, >>>> I’m thinking we should also send the survey to vendors of OCSP Responder >>>> software. I know of CoreStreet, and I’ve heard tell of others, but I >>>> don’t know who they are. >>> >>> Hi Rick. Some CAs have written their own OCSP Responder software in-house. >>> Since it's for their own use, they're not acting as "vendors", but >>> nonetheless I'd say that the behaviour of this software is of just as much >>> interest as the behaviour of, say, Corestreet's software. >>> >>> Perhaps we need to send the survey to every publicly-trusted CA! > > -- > Rob Stradling > Senior Research & Development Scientist > COMODO - Creating Trust Online > _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
