Tom. These are good points. They relate more to the TLS stack than the PKI. But, they are relevant for all that.
Can you provide specific questions?

All the best. Tim.

> On Nov 27, 2013, at 6:09 AM, "t.petch" <ie...@btconnect.com> wrote:
>
> Complicated:-( Perhaps there is a danger of losing the wood for the trees.
>
> Thus, I think of TLS in terms of cipher suites and think that software vendors would too; the mix and match approach of algorithms in 2) (where is RC4 or AEAD or AES-GCM?) seems likely to produce the wrong answers.
>
> I also think of TLS in terms of versions, of which there are two values that appear separately in setting up a TLS connection, and many software vendors would appear not to understand what the specification says in that regard and so are in breach of it. Fallback attacks derived therefrom are a significant part of using TLS.
>
> And then there is Key Usage; some check, others do not.
>
> And the hot topic of three years ago was Renego and support for it; still significant today. Links into fallback attacks.
>
> While a running sore is where does the software get its identifier from; this document keeps talking of DN (I wonder how common that is). RFC6125 should probably be in there somewhere.
>
> And the treatment of user certs (I know what Microsoft does and it is very sensible but suspect that it is unique).
>
> etc etc
>
> Tom Petch
>
> ----- Original Message -----
> From: "Rick Andrews" <rick_andr...@symantec.com>
> To: <wpkops@ietf.org>
> Sent: Wednesday, November 27, 2013 12:27 AM
>
> > Folks,
> >
> > Here's a very early draft, started by Tim with updates from David and me. I've turned on Track Changes; please feel free to add edits and comments.
> >
> > I'm sure there's many more questions we can ask. Please pile 'em on.
> >
> > -Rick

_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops