> (2) abstract: "domain owners or their agents" makes it sound > like I might have to pay to monitor; be good to re-assure that > no such constraint is planned. (Such re-assurance doesn't need > to be in the abstract, arguably not even in the draft, but > also arguably ought be somewhere.) While its none of the > IETF's business who charges for what in general, in this case, > where there has been ongoing negative comment on the impact of > PKI business models on Internet security, I do think it'd be > good for the authors of proposals to be clear how they think > they're affecting such charging issues. Personally, I guess > that since EFF and some academics have been able to afford to > populate large databases of TLS server certs, this shouldn't > become a huge barrier, but it could in principle impose new > subscription costs or constraints on TLS servers or even > clients and that might not be a good plan.
Well, a log isn't much use unless it is public - but I don't really know how to say much about who charges for what. We can state our intent to run free services, but presumably not in an RFC. So ... I don't really know how to address this. _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
