Hi Jeff. I was thinking that "both" aspects of practices should be outside the scope of an IETF activity. The CA/Browser Forum is working on these with the co-operation of the root-program operators and the relevant audit experts (ETSI and WebTrust). I think that best value is obtained from the IETF community by focusing on technical protocols. No?
All the best. Tim. -----Original Message----- From: wpkops-boun...@ietf.org [mailto:wpkops-boun...@ietf.org] On Behalf Of =JeffH Sent: Thursday, August 30, 2012 7:31 PM To: wpkops@ietf.org Subject: Re: [wpkops] Second draft charter proposal a detail-level comment: > Also, the reliability of the Web PKI depends critically on the practices of > > its certificate issuers. However, the topic of practices is outside the > > scope of the IETF. Therefore, this will be left to other competent bodies. "practices of ... certificate issuers" needs to be clearly defined in order to disambiguate between, e.g., verification of certificate issuance requester and CA infrastructure operational practices. My understanding is that this scope declaration is intended to exclude the former and not necessarily the latter, but this isn't clear. HTH, =JeffH _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops _______________________________________________ wpkops mailing list wpkops@ietf.org https://www.ietf.org/mailman/listinfo/wpkops