Hi Tim,

Well, I have my doubts. The trust model document is about the webPKI as it 
works today, and CT is not deployed at all. Google plans to incorporate it 
officially by the beginning of 2015 and make it mandatory for Chrome (of 
course, CAs can use it today on a voluntary basis).
OTOH, CT is about issuing a certificate from a CA and how to let others 
know that a certificate has not been issued properly, but I think this belongs 
to CA operations rather than to a trust model document, although it also has 
implications for the trust you can have.
When running on Windows, Google uses the MS root store in Chrome, so it relies 
on what MS has stated in its root store program, independently of CT.

But section 3.4 of the trust model document describes how a browser 
can support public key pinning, so CT can be a new section 3.4.5, but again, 
it's not yet deployed. The same can happen with CAA: there's an RFC but no one 
is using it at the moment, and there's a minimum % to be considered.
Initially the EU Trusted List was also considered, and it was removed because 
it was not "widely" used and maintained by the browser, so the % was very low.

So, IMHO, right now, the CT is not part of the trust model document. We'll see 
next year.


Iñigo Barreira
Head of the Technical Area
i-barre...@izenpe.net
945067705




-----Original Message-----
From: Tim Moses [mailto:tim.mo...@entrust.com] 
Sent: Friday, 06 June 2014 22:02
To: Ben Wilson
CC: Barreira Iglesias, Iñigo; Bruce Morton; wpkops@ietf.org; Gervase Markham
Subject: Re: [wpkops] Preliminary Next Version of Browser Behavior Draft

Bruce/Inigo - Do you think the Transparency section in the revocation doc from 
Phill and David belongs in the Trust Model doc?  

All the best. Tim. 

> On Jun 6, 2014, at 2:47 PM, "Ben Wilson" <b...@digicert.com> wrote:
> 
> Iñigo and Bruce,
> Perhaps we should revise the Trust Model document to describe how 
> browser, root store, and cryptolibrary are related?  In addressing 
> Gerv's comments, I am thinking of starting with the following "This 
> document reviews the current processing behaviors of cryptolibraries, 
> and the browsers they support, with respect to SSL/TLS session 
> establishment between a server and a browser, ..." or something along those 
> lines.
> Thoughts?
> Thanks,
> Ben
> 
>> -----Original Message-----
>> From: wpkops [mailto:wpkops-boun...@ietf.org] On Behalf Of Gervase 
>> Markham
>> Sent: Thursday, June 5, 2014 8:10 AM
>> To: Tim Moses; b...@digicert.com
>> Cc: wpkops@ietf.org
>> Subject: Re: [wpkops] Preliminary Next Version of Browser Behavior 
>> Draft
>> 
>>> On 05/06/14 14:37, Tim Moses wrote:
>>> Hi Ben.  We want to move this document to WG draft status.  Do you 
>>> want to address Gerv's comments before we hold a ballot?  I suggest 
>>> we do that.
>> 
>> Again, apologies for lack of knowledge of the process, but: the doc is
>> full of "to be expanded", "we plan to..." etc. So there will be lots of
>> further change. Is that what "Draft" means?
>> 
>> My two examples were two of many; they were actually given to try and get
>> clarity on the purpose and goals of the document. If that's written up
>> somewhere, do point me to it. :-)
>> 
>> Gerv
>> 
>> 

_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops
