Good idea, I forwarded it on some CA lists as well. One omission I think needs to be called out is that the WebPKI scope is limited to server authentication. While I don't think that the draft should consider client auth in detail, it is something that should be pointed out as a shortcoming.
I think that the main reason we haven't got client auth working on a large scale is that the administration and usability issues that impact the Web Server PKI are even more severe for client PKI. My Mesh project is an attempt to address those issues.
_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops