On 12.02.2012 21:40, Yoav Nir wrote:
> On Feb 12, 2012, at 10:19 PM, Kai Engert wrote:
>> How about this?
>> http://www.doodle.com/8c5s43ayqbrft5rm
> That's about it, but usually we do this after the preliminary agenda has been
> posted.
I have no experience with IETF BoF meetings, so I apologize if my
proposals don't match the expectations for agenda items.
However, in order to get started, here are some questions that we could
discuss.
(a)
Can we incrementally improve today's PKI trust model, or is a complete
replacement necessary?
(b)
We heard proposals that require that all trust assertions (certificates)
are made public, thereby creating public records of all certified entities.
Is such a requirement acceptable?
If not, is parallel deployment of public and private trust logs possible?
(c)
We heard proposals that domain owners shall be required to protect
themselves from hijacking by permanently watching public logs for
fraudulent actions.
Is this requirement realistic and acceptable?
(d)
Consider the scenario "attacker controls all routes from hijacked
server" and can thereby manipulate validation of domain ownership.
Is this a problem a new/improved trust model should/can solve, or should
this rather be solved at an organizational level, using out-of-band
communication between assurer, registry and domain owner?
(e)
Make assessments for each of the proposed solutions, how close is each
of them to a complete protocol specification?
(f)
Can we create a trust system that makes it completely impossible to
create false trust assertions, or is quick detection of false trust
assertions the best we can get?
(g)
Should better and quicker revocation of trust assertions be a mandatory,
integral part of any new trust solutions, or are trust and revocation
separate problems?
> Also, Friday after 18:00 is a non-starter.
I've removed the Friday-after-18 choice.
Kai
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey