Hi

 

Then we're assuming that web PKI means only TLS connections, am I right? So 
"web" is used only in "browsers"? I think this is not fair. We are talking 
about trust models, and browsers' root stores are only "one" of these models, not 
the only one, and we should consider the others. 

I don't get why we are assuming that web PKI refers only to the browsers, 
and if so, the document could be very simple, just pointing to the browsers' 
policies or leaving it to the CAB Forum, which is not a standards body like the 
IETF can be. 

If we're to produce a standard on trust models we should consider all options, 
not just one because it's the most used. That is not a standard.

 

Regards

 

Hiya,

 

On 06/27/2013 08:04 AM, i-barre...@izenpe.net wrote:

> Hi,

> 

> I don't know the numbers because I'm not managing it, this is 

> typically done at the ministers in the national governments which are 

> the responsible for managing the TSL,

 

Those would be the wrong numbers I think.

 

The numbers of interest relate to real-world usage in TLS sessions. I'd be very 
surprised if any of the ETSI stuff showed up in anything near 0.1% of TLS 
sessions.

 

If it does not then this WG should just ignore it and concentrate on the 99.9% 
of stuff that actually happens.

 

Is anyone claiming that the ETSI stuff shows up in >0.1% of TLS sessions?

 

> but in any case, I sent an

> email asking for these numbers, which in any case it's only for one 

> country.

> 

> OTOH, I think this is not about percentages (or at least I don't see 

> that way) since these TSL are mandated by law.

 

So what? There are loads of digital signature related laws in the world. They 
are all irrelevant for this wg unless they impact on what is actually used to a 
non-negligible extent in the real web pki.

 

> But, if numbers are

> needed, there are 27 (EU member states) reliable trust stores that 

> must be considered, not just 5 (browsers) and you can add Adobe and 

> Oracle (also have root stores).

 

Wrong numbers again. This has nothing to do with how many implementations exist 
but rather with what is really commonly used.

 

> IMHO, this document has to take into account all options because if we 

> are only dealing with browsers then I think the CAB forum is doing it 

> now and it will be a useless or repeated (similar) work.

 

That ("take into account all the options") sounds like a recipe for failure to 
me given the lack of activity here and the history that the PKI community has 
of spending way too much time on niche corner cases and ignoring what's 
actually commonly done. (Sorry that's a bit of a rant and I'm as guilty as 
anyone, or was in the past - I'm reformed now:-)

 

S.

 

> 

> Here's a link on recent news of Adobe if it's of interest. 

> http://blogs.adobe.com/standards/2013/06/25/alignment-of-adobe-approved-trust-list-aatl-and-eu-trust-list-eutl/

> 

>  Regards

> 

> 

> Iñigo Barreira, Technical Area Manager, i-barre...@izenpe.net 

> 945067705

> 

> 

> WARNING! Part or all of this message may be legally protected. 

> The message has its intended recipient. If it has reached the wrong 

> address (address mistyped, transmission failure), notify the sender 

> by replying to this email. CAUTION! ATTENTION! This message contains 

> privileged or confidential information to which only the addressee is 

> entitled to access. If you receive it in error, we would be grateful 

> if you would not make use of the information and would contact the 

> sender.

> 

> 

> -----Original message-----

> From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie]

> Sent: Wednesday, 26 June 2013 12:51

> To: Barreira Iglesias, Iñigo

> CC: berg...@gmail.com; wpkops@ietf.org

> Subject: Re: [wpkops] Silence is deafening - Trust Model Paper

> 

> 

> Hi,

> 

> On 06/26/2013 11:34 AM, i-barre...@izenpe.net wrote:

>> For example, in the EU there's a so called Trust Service Status List 

>> (commonly called TSL) which is another trust store managed by every 

>> EU member state and regulated by law in which there's a list with all 

>> CAs (and issuing CAs and services) that fulfill the requirements 

>> imposed by law that follow some ETSI standards. This is mandate for 

>> all the CAs offering qualified certificates but it's also possible 

>> for non qualified certs, like SSL. This is also web PKI because these 

>> services are consumed thru web services for example on a machine 

>> readable process or thru a web site for human readable process.

> 

> How does that square with the charter requirement that this wg not 

> delve into stuff that's not much used?

> 

> The charter says:

> 

> Only server-authentication behavior encountered in more than 0.1 

> percent of connections made by desktop and mobile browsers is to be 

> considered.  While it is not intended to apply the threshold with any 

> precision, it will be used to justify the inclusion or exclusion of a 

> technique.

> 

> Is there any evidence as to the level of use of all that ETSI stuff?

> My impression is that it'd not meet the rough threshold above.

> 

> BTW: I'd really like to know, I'm not (only) trying to simplify the 

> work here:-) But simplifying the work here seems like something that 

> is needed for progress given the relative lack of activity.

> 

> Thanks, S.

> 

> 

 

_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops
