Hi Randy. That's right. Hopefully, this will be a precursor to fixing some of the issues with the Web PKI. But, step one is to "catalog" what we have. So, we'll start by producing a set of BCPs that document major aspects of the Web PKI as it is generally practiced today.
All the best. Tim. -----Original Message----- From: wpkops-boun...@ietf.org [mailto:wpkops-boun...@ietf.org] On Behalf Of Randy Turner Sent: Tuesday, August 28, 2012 3:26 PM To: wpkops@ietf.org Subject: Re: [wpkops] Scope Hi Tim, So, in a nutshell (because this is an OPS effort), we're doing to: 1. Document existing practice, given the most prevalent products, and 2. Given existing practice, analyze this existing practice for a set of BCPs Is this correct? Thanks! Randy On Aug 28, 2012, at 9:59 AM, Tim Moses wrote: > Hi Rick. I completely agree. It's covered in the last paragraph of the > draft charter. In the near future I'll distribute an updated charter > proposal. All the best. Tim. > > -----Original Message----- > From: wpkops-boun...@ietf.org [mailto:wpkops-boun...@ietf.org] On > Behalf Of Rick Andrews > Sent: Tuesday, August 28, 2012 12:56 PM > To: Adam Langley; Tim Moses > Cc: wpkops@ietf.org > Subject: Re: [wpkops] Scope > > Tim, I think the 1% fuzzy threshold is fine. But I really hope that the sum > total of connections that use Web PKI includes mobile browsers and apps. I've > heard anecdotally that mobile represents a large and ever-growing share of > web use, and I think it's essential to include it. > > -Rick > >> -----Original Message----- >> From: wpkops-boun...@ietf.org [mailto:wpkops-boun...@ietf.org] On >> Behalf Of Adam Langley >> Sent: Tuesday, August 28, 2012 8:09 AM >> To: Tim Moses >> Cc: wpkops@ietf.org >> Subject: Re: [wpkops] Scope >> >> On Tue, Aug 28, 2012 at 10:58 AM, Tim Moses <tim.mo...@entrust.com> wrote: >>> Colleagues - As discussed, the idea is to document the Web PKI as it >>> is >> practiced today. Generally, that means considering product versions >> other than the most recent one from each significant supplier. But, >> in order to keep the workload at a manageable level, we will have to >> eliminate product versions that are seldom encountered today. >> Without making reference to specific products and versions, it's >> tough to come up with an objective criterion for identifying the versions >> that deserve to be documented. >> Therefore, I believe we have to rely on experts' judgments. >>> >>> As a guide, we might agree that, in order to warrant consideration, >>> a >> technique must be involved in more than one percent of connections >> that use the Web PKI. While we would not attempt to apply this >> threshold with any precision, contributors may appeal to it in order >> to justify their exclusion of a particular technique. Then the >> disputant would be called upon to demonstrate that the technique was more >> prevalent. >>> >>> What do others think? >> >> 1% seems reasonable although, if anything, a little high. There are >> workarounds that apply to less than 1% but are, none the less, >> important. But any number 0.1%..1% seems sane. >> >> >> Cheers >> >> AGL >> _______________________________________________ >> wpkops mailing list >> wpkops@ietf.org >> https://www.ietf.org/mailman/listinfo/wpkops > _______________________________________________ > wpkops mailing list > wpkops@ietf.org > https://www.ietf.org/mailman/listinfo/wpkops > _______________________________________________ > wpkops mailing list > wpkops@ietf.org > https://www.ietf.org/mailman/listinfo/wpkops > _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops