a detail-level comment: > Also, the reliability of the Web PKI depends critically on the practices of > its certificate issuers. However, the topic of practices is outside the > scope of the IETF. Therefore, this will be left to other competent bodies.
"practices of ... certificate issuers" needs to be clearly defined in order to disambiguate between, e.g., verification of certificate issuance requester and CA infrastructure operational practices.
My understanding is that this scope declaration is intended to exclude the former and not necessarily the latter, but this isn't clear.
HTH, =JeffH _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops