On Sat, Jul 4, 2020 at 9:41 PM Peter Gutmann <pgut...@cs.auckland.ac.nz>
wrote:

> Ryan Sleevi <r...@sleevi.com> writes:
>
> >And they are accommodated - by using something other than the Web PKI.
>
> That's the HTTP/2 "let them eat cake" response again.  For all intents and
> purposes, PKI *is* the Web PKI.  If it wasn't, people wouldn't be worrying
> about having to reissue/replace certificates that will never be used in a web
> context because of some Web PKI requirement that doesn't apply to them.
>

Thanks Peter, but I fail to see how you're making your point.

The problem that "PKI *is* the Web PKI" is the problem to be solved. That's
not a desirable outcome, and exactly the kind of thing we'd expect to see
as part of a CA transition.

PKI is a technology, much like HTTP/2 is a protocol. Unlike your example,
of HTTP/2 not being considerate of SCADA devices, PKI is an abstract
technology fully capable of addressing the SCADA needs. The only
distinction is that, by design and rather intentionally, it doesn't mean
that the billions of devices out there, in their default configuration, can
or should expect to talk to SCADA servers. I would hope you recognize why
that's undesirable, just like it would be if your phone were to ship with a
SCADA client. At the end of the day, this is something that should require
a degree of intentionality. Whether it's HL7 or SCADA, these are limited
use cases that aren't part of a generic and interoperable Web experience,
and it's not at all unreasonable to think they may require additional,
explicit configuration to support.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
