We could add a clear statement in the document that says, "this document describes the state of the Web PKI circa 2013" or something like that.

-----Original Message-----
From: wpkops [mailto:wpkops-boun...@ietf.org] On Behalf Of Tim Moses
Sent: Thursday, July 24, 2014 6:42 AM
To: Gervase Markham; wpkops@ietf.org
Subject: Re: [wpkops] Browser behaviour draft

Hi Gerv.

It has to be "opportunity"; we all know that users don't possess the capability to manage security on their end systems. Ooh! I should put a smiley face after that. ;-)

We made a decision to record the state of Web PKI at a point in time. (That being the end of 2013.) The state is continuously evolving, and it would be a poor use of our time if we were to attempt to track it. However, if completion is delayed much beyond the projected completion date, we may have to revisit that decision.

Thanks for your helpful input.

All the best. Tim.

-----Original Message-----
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Thursday, July 24, 2014 5:21 AM
To: Tim Moses; wpkops@ietf.org
Subject: Re: [wpkops] Browser behaviour draft

Hi Tim,

On 23/07/14 21:22, Tim Moses wrote:
> Colleagues - I would like to advance the Browser Behaviour draft ...
>
> http://datatracker.ietf.org/doc/draft-wilson-wpkops-browser-processing/
>
> ... to WG draft.

This document (helpfully) states:

"This document reviews some of the certificate-processing features of the following cryptolibraries: Network Security Services (NSS), in two code sets, Classic (NSS-Classic) and PKIX (NSS-PKIX); ..."

However, as of two days ago, with the release of Firefox 31, Firefox switched to using mozilla::pkix for certificate verification:

https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/
https://www.mozilla.org/en-US/firefox/31.0/releasenotes/

You will need to decide whether to hold the document while you update it to take account of any changes.

I can tell you that mozilla::pkix also does not do AIA chasing.

"and most end users can manually add or remove root certificates"

Is that a statement about opportunity or capability? :-) Perhaps better as: "most user agents give end users the opportunity to add or remove root certificates".

Gerv

_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops