This paper sounds like a wish list of select issues taken from the Mozilla forums. I don't see why it would be published as informational RFC? Is the goal to make a list of issues that community members feel need to be discussed? I don't get it.
The conclusions seem to be 1) Have a CAB Forum that is more transparent (which is out of scope of the IEFT - I'm not sure I've ever seen an IETF paper specifically call out to another industry body requesting a change in its membership?) and 2) Use Let's Encrypt - one specific member of the CA community. Many CAs already offer free tools to automate issuance, making the call out to Let's Encrypt very odd in an IETF document, especially where the touted feature - new automated tools - already exist (https://www.digicert.com/express-install/). I have a similar complaint about the reference to acme where PHB has been proposing something similar for a LONG time (https://tools.ietf.org/html/draft-hallambaker-omnibroker-06). I'm also not sure why you selected the specific issues for inclusion in the paper. For example, the paper doesn't mention inconsistencies in validation levels, which (imo) is a bigger issue than the "too big to fail" scenario. Cost also is a weird issue to include in the document since it's always relative. It's also very difficult to discuss without running afoul of anti-trust laws. Jeremy -----Original Message----- From: wpkops [mailto:[email protected]] On Behalf Of Russ Housley Sent: Tuesday, July 7, 2015 8:57 AM To: [email protected] Subject: [wpkops] draft-housley-web-pki-problems-00 I want to make people on this list aware of this draft that was posted yesterday. Stephen Farrell suggested that this list might be a good place to discuss it. Russ _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
