That would be awesome. Thanks for the "heads up". All the best. Tim.
> On Nov 28, 2013, at 5:59 AM, "Rob Stradling" <[email protected]> wrote: > >> On 27/11/13 15:43, Tim Moses wrote: >> Hi Rob. I can't argue with that. >> >> But, isn't our focus more on design choices than implementation flaws? >> After all, IETF can help fix problems with protocol design and >> configuration, but there is less they can do about bugs. >> >> Generally, I would be supportive of gathering more (rather than less) >> information. But, I am also acutely aware that we have to finish the >> project on schedule, and we are reliant on the good will of busy people. >> >> Having said all that, I don't object to sending the survey to all the CAs in >> the usual trust anchor lists. > > Hi Tim. Google may soon conduct a survey of all the publicly-trusted CAs to > find out what CA software and OCSP software each CA is using, in order to > find out which CA/OCSP software will need to be updated to support various > features of Certificate Transparency (RFC6962). > > I asked Ben Laurie about this yesterday, and he said he might kick off a > survey as early as next week. (CC'ing Ben). > > If Google do their survey first, then this will hopefully yield a full list > of OCSP software authors for WPKOPS to survey. :-) > >> But, I wouldn't necessarily give high priority to chasing responses and >> analyzing them. >> >> I'm also happy to defer to the group if this is generally viewed to be of >> higher priority. >> >> All the best. Tim. >> >>>> On Nov 27, 2013, at 9:30 AM, "Rob Stradling" <[email protected]> >>>> wrote: >>>> >>>> On 27/11/13 13:27, Tim Moses wrote: >>>> Hi Rob. I would say "yes" to this if we thought it might uncover an issue >>>> that needed fixing. Otherwise, we might just be creating a lot of extra >>>> work for little benefit. >>>> >>>> What do you think? All the best. Tim. >>> >>> I have no idea if this would uncover any issues that would need fixing. >>> >>> But if we're going to scrutinize the commercial software, why wouldn't we >>> also scrutinize the in-house software? >>> >>> In-house software isn't any less likely to contain bugs just because it >>> isn't sold commercially! >>> >>>>>> On Nov 27, 2013, at 5:08 AM, "Rob Stradling" <[email protected]> >>>>>> wrote: >>>>>> >>>>>> On 26/11/13 23:46, Rick Andrews wrote: >>>>>> Folks, >>>>>> I’m thinking we should also send the survey to vendors of OCSP Responder >>>>>> software. I know of CoreStreet, and I’ve heard tell of others, but I >>>>>> don’t know who they are. >>>>> >>>>> Hi Rick. Some CAs have written their own OCSP Responder software >>>>> in-house. Since it's for their own use, they're not acting as "vendors", >>>>> but nonetheless I'd say that the behaviour of this software is of just as >>>>> much interest as the behaviour of, say, Corestreet's software. >>>>> >>>>> Perhaps we need to send the survey to every publicly-trusted CA! >>> >>> -- >>> Rob Stradling >>> Senior Research & Development Scientist >>> COMODO - Creating Trust Online >> _______________________________________________ >> wpkops mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/wpkops > > -- > Rob Stradling > Senior Research & Development Scientist > COMODO - Creating Trust Online > Office Tel: +44.(0)1274.730505 > Office Fax: +44.(0)1274.730909 > www.comodo.com > > COMODO CA Limited, Registered in England No. 04058690 > Registered Office: > 3rd Floor, 26 Office Village, Exchange Quay, > Trafford Road, Salford, Manchester M5 3EQ > > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the sender by replying > to the e-mail containing this attachment. Replies to this email may be > monitored by COMODO for operational or business reasons. Whilst every > endeavour is taken to ensure that e-mails are free from viruses, no liability > can be accepted and the recipient is requested to use their own virus > checking software. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
