
From anders.rundgren@telia.com  Sat Jan  5 22:18:27 2013
Message-ID: <50E9172F.3080802@telia.com>
Date: Sun, 06 Jan 2013 07:18:23 +0100
From: Anders Rundgren <anders.rundgren@telia.com>
To: "wpkops@ietf.org" <wpkops@ietf.org>
References: <1356967109.15064.11.camel@lapkaie>
In-Reply-To: <1356967109.15064.11.camel@lapkaie>
Subject: [wpkops] Alternative pinning scheme

If we get away from garbage like Mozilla's <keygen>, PKI-based
client-authentication becomes a natural feature for mobile devices.  This in
itself renders attacks on the SSL server PKI much less useful.

If you add to that an optional X.509 extension holding a dedicated trust
list, the client won't even allow you to log in to the fake site.

Anders

From rbonica@juniper.net  Mon Jan  7 06:12:55 2013
From: Ronald Bonica <rbonica@juniper.net>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Date: Mon, 7 Jan 2013 14:10:16 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E1663E@BY2PRD0512MB653.namprd05.prod.outlook.com>
References: <1356967109.15064.11.camel@lapkaie> <50E9172F.3080802@telia.com>
In-Reply-To: <50E9172F.3080802@telia.com>
Subject: [wpkops] Chartering

Folks,

Do we have a final proposed charter for this WG. I would like to see it
chartered before my IESG term ends in March.

                                   Ron



From tim.moses@entrust.com  Mon Jan  7 06:22:53 2013
From: Tim Moses <tim.moses@entrust.com>
To: 'Ronald Bonica' <rbonica@juniper.net>, "wpkops@ietf.org" <wpkops@ietf.org>
Date: Mon, 7 Jan 2013 14:22:50 +0000
Message-ID: <5B68A271B9C97046963CB6A5B8D6F62C3A68C1CF@SOTTEXCH10.corp.ad.entrust.com>
References: <1356967109.15064.11.camel@lapkaie> <50E9172F.3080802@telia.com> <2CF4CB03E2AA464BA0982EC92A02CE2501E1663E@BY2PRD0512MB653.namprd05.prod.outlook.com>
In-Reply-To: <2CF4CB03E2AA464BA0982EC92A02CE2501E1663E@BY2PRD0512MB653.namprd05.prod.outlook.com>
Subject: Re: [wpkops] Chartering

Hi Ron.  I circulated v07 of the draft charter on 18 Dec.  It was intended
to address all the concerns that had been raised in relation to previous
versions.  I have seen no comments in relation to v07.  All the best.  Tim.

-----Original Message-----
From: wpkops-bounces@ietf.org [mailto:wpkops-bounces@ietf.org] On Behalf Of Ronald Bonica
Sent: Monday, January 07, 2013 9:10 AM
To: wpkops@ietf.org
Subject: [wpkops] Chartering

Folks,

Do we have a final proposed charter for this WG. I would like to see it
chartered before my IESG term ends in March.

                                   Ron



From rbonica@juniper.net  Mon Jan  7 06:51:26 2013
From: Ronald Bonica <rbonica@juniper.net>
To: Tim Moses <tim.moses@entrust.com>, "wpkops@ietf.org" <wpkops@ietf.org>
Date: Mon, 7 Jan 2013 14:45:43 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E177C5@BY2PRD0512MB653.namprd05.prod.outlook.com>
References: <1356967109.15064.11.camel@lapkaie> <50E9172F.3080802@telia.com> <2CF4CB03E2AA464BA0982EC92A02CE2501E1663E@BY2PRD0512MB653.namprd05.prod.outlook.com> <5B68A271B9C97046963CB6A5B8D6F62C3A68C1CF@SOTTEXCH10.corp.ad.entrust.com>
In-Reply-To: <5B68A271B9C97046963CB6A5B8D6F62C3A68C1CF@SOTTEXCH10.corp.ad.entrust.com>
Subject: Re: [wpkops] Chartering

So I can submit that version?

                  Ron


> -----Original Message-----
> From: Tim Moses [mailto:tim.moses@entrust.com]
> Sent: Monday, January 07, 2013 9:23 AM
> To: Ronald Bonica; wpkops@ietf.org
> Subject: RE: Chartering
>
> Hi Ron.  I circulated v07 of the draft charter on 18 Dec.  It was
> intended to address all the concerns that had been raised in relation
> to previous versions.  I have seen no comments in relation to v07.  All
> the best.  Tim.
>
> -----Original Message-----
> From: wpkops-bounces@ietf.org [mailto:wpkops-bounces@ietf.org] On
> Behalf Of Ronald Bonica
> Sent: Monday, January 07, 2013 9:10 AM
> To: wpkops@ietf.org
> Subject: [wpkops] Chartering
>
> Folks,
>
> Do we have a final proposed charter for this WG. I would like to see it
> chartered before my IESG term ends in March.
>
>                                    Ron



From tim.moses@entrust.com  Mon Jan  7 06:52:43 2013
From: Tim Moses <tim.moses@entrust.com>
To: 'Ronald Bonica' <rbonica@juniper.net>, "wpkops@ietf.org" <wpkops@ietf.org>
Date: Mon, 7 Jan 2013 14:52:39 +0000
Message-ID: <5B68A271B9C97046963CB6A5B8D6F62C3A68C6F4@SOTTEXCH10.corp.ad.entrust.com>
References: <1356967109.15064.11.camel@lapkaie> <50E9172F.3080802@telia.com> <2CF4CB03E2AA464BA0982EC92A02CE2501E1663E@BY2PRD0512MB653.namprd05.prod.outlook.com> <5B68A271B9C97046963CB6A5B8D6F62C3A68C1CF@SOTTEXCH10.corp.ad.entrust.com> <2CF4CB03E2AA464BA0982EC92A02CE2501E177C5@BY2PRD0512MB653.namprd05.prod.outlook.com>
In-Reply-To: <2CF4CB03E2AA464BA0982EC92A02CE2501E177C5@BY2PRD0512MB653.namprd05.prod.outlook.com>
Subject: Re: [wpkops] Chartering

Ron.  Yes.  I think you can.  I think everyone has had ample opportunity to
comment.  All the best.  Tim.

-----Original Message-----
From: Ronald Bonica [mailto:rbonica@juniper.net]
Sent: Monday, January 07, 2013 9:46 AM
To: Tim Moses; wpkops@ietf.org
Subject: RE: Chartering

So I can submit that version?

                  Ron


> -----Original Message-----
> From: Tim Moses [mailto:tim.moses@entrust.com]
> Sent: Monday, January 07, 2013 9:23 AM
> To: Ronald Bonica; wpkops@ietf.org
> Subject: RE: Chartering
>
> Hi Ron.  I circulated v07 of the draft charter on 18 Dec.  It was
> intended to address all the concerns that had been raised in relation
> to previous versions.  I have seen no comments in relation to v07.
> All the best.  Tim.
>
> -----Original Message-----
> From: wpkops-bounces@ietf.org [mailto:wpkops-bounces@ietf.org] On
> Behalf Of Ronald Bonica
> Sent: Monday, January 07, 2013 9:10 AM
> To: wpkops@ietf.org
> Subject: [wpkops] Chartering
>
> Folks,
>
> Do we have a final proposed charter for this WG. I would like to see
> it chartered before my IESG term ends in March.
>
>                                    Ron



From hallam@gmail.com  Tue Jan  8 14:00:13 2013
Date: Tue, 8 Jan 2013 17:00:06 -0500
Message-ID: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: wpkops@ietf.org
Subject: [wpkops] Some lessons of the Turktrust incident

Don't want to go too deep here, but issues uncovered in the TURKTRUST
incident demonstrate an urgent need for specifying the WebPKI.

Not every certificate that is a valid PKIX certificate is a valid WebPKI
certificate (and vice versa). In particular WebPKI allows for self signed
certs which are not PKIX certs and self signed certs typically lack
features that PKIX mandates like key usage, revocation distribution points
etc.

Self-signed certs are accepted in the WebPKI because they have a specific
purpose which is OK. But accepting a certificate chained to an embedded
trust anchor that lacks mandated PKIX features is not.


This particular incident appears to be the result of an administrative
error. But that error might have been caught if the offline/online
separation had included a requirement that an online certificate issuer
MUST NOT be capable of issuing CA certs and clients MUST be able to reject
CA certs issued by such an issuer.

This is something that is easily implemented using a path length constraint
but you have to know that there is a potential problem to avoid it.


Another feature of the generated certs is that they lacked CRL or OCSP
distribution points so the cert status could not be checked. This is not
permitted in WebPKI to an embedded trust anchor.

-- 
Website: http://hallambaker.com/


From leifj@mnt.se  Tue Jan  8 23:40:23 2013
Message-ID: <50ED1EE2.2080900@mnt.se>
Date: Wed, 09 Jan 2013 08:40:18 +0100
From: Leif Johansson <leifj@mnt.se>
To: wpkops@ietf.org
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com>
In-Reply-To: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com>
Subject: Re: [wpkops] Some lessons of the Turktrust incident

> This is something that is easily implemented using a path length
> constraint but you have to know that there is a potential problem to
> avoid it.
>
Has anyone done interop testing in the wild for path length and name
constraints, eg for commonly deployed TLS stacks and browsers?

            Cheers Leif

From ynir@checkpoint.com  Tue Jan  8 23:49:28 2013
From: Yoav Nir <ynir@checkpoint.com>
To: Leif Johansson <leifj@mnt.se>, "wpkops@ietf.org" <wpkops@ietf.org>
Date: Wed, 9 Jan 2013 07:49:25 +0000
Message-ID: <4613980CFC78314ABFD7F85CC30277210EE4EE66@IL-EX10.ad.checkpoint.com>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se>
In-Reply-To: <50ED1EE2.2080900@mnt.se>
Subject: Re: [wpkops] Some lessons of the Turktrust incident

I don't know about a wide study, but if you look at the PKIX mailing list
archives around last May, there was a lively discussion with some anecdotal
evidence.

Turns out quite a few browsers don't enforce name constraints. When present,
they ignore it even if the Critical bit is set (which RFC 5280 says is a
MUST). The trigger for that discussion was that iOS changed its behavior so
that it started failing on critical name constraints.

Of course, it's been 8 months, so things may have changed.

Yoav

-----Original Message-----
From: wpkops-bounces@ietf.org [mailto:wpkops-bounces@ietf.org] On Behalf Of Leif Johansson
Sent: Wednesday, January 09, 2013 9:40 AM
To: wpkops@ietf.org
Subject: Re: [wpkops] Some lessons of the Turktrust incident


> This is something that is easily implemented using a path length
> constraint but you have to know that there is a potential problem to
> avoid it.
>
Has anyone done interop testing in the wild for path length and name
constraints, eg for commonly deployed TLS stacks and browsers?

            Cheers Leif

From eabalea@gmail.com  Wed Jan  9 01:10:36 2013
In-Reply-To: <50ED1EE2.2080900@mnt.se>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se>
Date: Wed, 9 Jan 2013 10:10:31 +0100
Message-ID: <CA+i=0E6LpckJAGk6P66n8YTQQmDS9_GzFJtR23OJ257e1+iqug@mail.gmail.com>
From: Erwann Abalea <eabalea@gmail.com>
To: Leif Johansson <leifj@mnt.se>
Content-Type: multipart/alternative; boundary=bcaec5196d713ff28004d2d76f3e
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Some lessons of the Turktrust incident

--bcaec5196d713ff28004d2d76f3e
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Major browsers seem to deal correctly with basicConstraints. iOS and MacOSX
don't handle NameConstraints, Mozilla used to apply them to SAN only.

For software stacks, OpenSSL handles BC well, I haven't checked about NC
but it should be OK.
GNUtls correctly handles BC since version 3.1.3, don't know if the patch
has been backported to 3.0 and 2.6; it can't handle NC at all. GNUtls is
widely used on Debian/Ubuntu.
Java needs some testing.
NSS is fine.

Lesser used stacks. PolarSSL doesn't check NC, and based on my readings of
the source code, BC support is incomplete. Don't know about other stacks.
On 9 Jan 2013 08:40, "Leif Johansson" <leifj@mnt.se> wrote:

>
> > This is something that is easily implemented using a path length
> > constraint but you have to know that there is a potential problem to
> > avoid it.
> >
> Has anyone done interop testing in the wild for path length and name
> constraints, eg
> for commonly deployed TLS stacks and browsers?
>
>             Cheers Leif
>

--bcaec5196d713ff28004d2d76f3e--

From eabalea@gmail.com  Wed Jan  9 01:33:03 2013
In-Reply-To: <50ED1EE2.2080900@mnt.se>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se>
Date: Wed, 9 Jan 2013 10:33:01 +0100
Message-ID: <CA+i=0E7iX_AeDSEd-bJAwKBcO7agX+-uVjSeXL1f2_iidM8U7w@mail.gmail.com>
From: Erwann ABALEA <erwann@abalea.com>
To: wpkops@ietf.org
Content-Type: multipart/alternative; boundary=bcaec50162a1a7ae6604d2d7bf44
Subject: Re: [wpkops] Some lessons of the Turktrust incident

--bcaec50162a1a7ae6604d2d7bf44
Content-Type: text/plain; charset=UTF-8

[Repost with my correct sender address]

Major browsers seem to deal correctly with basicConstraints. iOS and MacOSX
don't handle NameConstraints, Mozilla used to apply them to SAN only.

For software stacks, OpenSSL handles BC well, I haven't checked about NC
but it should be OK.
GNUtls correctly handles BC since version 3.1.3, don't know if the patch
has been backported to 3.0 and 2.6; it can't handle NC at all. GNUtls is
widely used on Debian/Ubuntu.
Java needs some testing.
NSS is fine.

Lesser used stacks. PolarSSL doesn't check NC, and based on my readings of
the source code, BC support is incomplete. Don't know about other stacks.

2013/1/9 Leif Johansson <leifj@mnt.se>

>
> > This is something that is easily implemented using a path length
> > constraint but you have to know that there is a potential problem to
> > avoid it.
> >
> Has anyone done interop testing in the wild for path length and name
> constraints, eg
> for commonly deployed TLS stacks and browsers?
>

-- 
Erwann.

--bcaec50162a1a7ae6604d2d7bf44--
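
The checks compared across stacks in the two messages above (basicConstraints path length, name constraints, and handling of the critical bit), as an added example that is not code from any participant or from the stacks they name. It is a small Python model rather than an X.509 parser; `Cert`, `Profile`, the profile names and every certificate name are constructed for illustration, and treating a SAN-less leaf's CN as a hostname is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Cert:
    """Constructed stand-in for the few X.509 fields this thread is about."""
    cn: str
    is_ca: bool = False                        # basicConstraints cA
    path_len: Optional[int] = None             # basicConstraints pathLenConstraint
    permitted_dns: Optional[List[str]] = None  # nameConstraints permittedSubtrees
    nc_critical: bool = False
    san_dns: List[str] = field(default_factory=list)


@dataclass
class Profile:
    """Hypothetical description of what one validator implements."""
    enforce_bc: bool = True
    enforce_nc: bool = True
    honor_critical: bool = True   # reject a critical extension it cannot process
    nc_covers_cn: bool = True     # constrain a hostname carried only in the CN


def dns_within(name: str, base: str) -> bool:
    """RFC 5280 4.2.1.10: base itself, or base with labels added on the left."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)


def validate(chain: List[Cert], p: Profile) -> Tuple[bool, str]:
    """chain lists the CA certificates top-down and ends with the leaf."""
    *cas, leaf = chain
    for i, ca in enumerate(cas):
        if p.enforce_bc:
            if not ca.is_ca:
                return False, f"{ca.cn}: cA is not TRUE"
            below = len(cas) - i - 1   # CA certificates between this one and the leaf
            if ca.path_len is not None and below > ca.path_len:
                return False, f"{ca.cn}: pathLenConstraint exceeded"
        if ca.permitted_dns is None:
            continue
        if not p.enforce_nc:
            if ca.nc_critical and p.honor_critical:
                return False, f"{ca.cn}: critical nameConstraints not processed"
            continue                   # extension silently ignored
        # Simplification: only the leaf's names are tested against the subtree.
        names = list(leaf.san_dns)
        if not names and p.nc_covers_cn:
            names = [leaf.cn]          # assumption: CN holds a hostname
        for n in names:
            if not any(dns_within(n, b) for b in ca.permitted_dns):
                return False, f"{n}: outside permitted subtrees of {ca.cn}"
    return True, "ok"


STRICT = Profile()
NO_NC_FAIL_CLOSED = Profile(enforce_nc=False)
NO_NC_IGNORES = Profile(enforce_nc=False, honor_critical=False)
NC_SAN_ONLY = Profile(nc_covers_cn=False)
NO_BC = Profile(enforce_bc=False)

# Constructed chains (all names are made up).
ISSUING = Cert("Constructed Issuing CA", is_ca=True, path_len=0)
MISISSUED = Cert("Constructed end-entity issued with cA=TRUE", is_ca=True)
PATHLEN_CHAIN = [ISSUING, MISISSUED,
                 Cert("www.example.org", san_dns=["www.example.org"])]

CONSTRAINED = Cert("Constructed Constrained CA", is_ca=True, path_len=0,
                   permitted_dns=["example.com"], nc_critical=True)
IN_SCOPE = [CONSTRAINED, Cert("www.example.com", san_dns=["www.example.com"])]
OUT_OF_SCOPE = [CONSTRAINED, Cert("www.example.org", san_dns=["www.example.org"])]
CN_ONLY = [CONSTRAINED, Cert("www.example.org")]


def matrix():
    """Accept/reject verdict of every profile for every constructed chain."""
    chains = {"pathlen": PATHLEN_CHAIN, "in_scope": IN_SCOPE,
              "out_of_scope": OUT_OF_SCOPE, "cn_only": CN_ONLY}
    profiles = {"strict": STRICT, "no_nc_fail_closed": NO_NC_FAIL_CLOSED,
                "no_nc_ignores": NO_NC_IGNORES, "nc_san_only": NC_SAN_ONLY,
                "no_bc": NO_BC}
    return {(c, q): validate(chain, prof)[0]
            for c, chain in chains.items() for q, prof in profiles.items()}


if __name__ == "__main__":
    for (chain, profile), ok in sorted(matrix().items()):
        print(f"{chain:13} {profile:18} {'accept' if ok else 'REJECT'}")
```

Running the same four chains as real certificates through each stack under test, and comparing the verdicts with the `strict` column, is the interop test asked about at the start of the thread.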

From hallam@gmail.com  Wed Jan  9 04:02:34 2013
In-Reply-To: <50ED1EE2.2080900@mnt.se>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se>
Date: Wed, 9 Jan 2013 07:02:31 -0500
Message-ID: <CAMm+Lwggoc+qwaeAukYuBusFBNB3S2h3Nu2qcTb=r=yBJ5Dtiw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Leif Johansson <leifj@mnt.se>
Content-Type: multipart/alternative; boundary=bcaec55556304f0e6104d2d9d6fd
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Some lessons of the Turktrust incident

--bcaec55556304f0e6104d2d9d6fd
Content-Type: text/plain; charset=ISO-8859-1

My main concern is to detect anomalies. Blocking in the browser protects
one user. Detecting that there is a problem and reporting it protects
millions.


On Wed, Jan 9, 2013 at 2:40 AM, Leif Johansson <leifj@mnt.se> wrote:

>
> > This is something that is easily implemented using a path length
> > constraint but you have to know that there is a potential problem to
> > avoid it.
> >
> Has anyone done interop testing in the wild for path length and name
> constraints, eg
> for commonly deployed TLS stacks and browsers?
>
>             Cheers Leif
>



-- 
Website: http://hallambaker.com/

--bcaec55556304f0e6104d2d9d6fd--

From leifj@mnt.se  Wed Jan  9 05:13:52 2013
Message-ID: <50ED6D0B.50803@mnt.se>
Date: Wed, 09 Jan 2013 14:13:47 +0100
From: Leif Johansson <leifj@mnt.se>
To: Erwann Abalea <eabalea@gmail.com>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se> <CA+i=0E6LpckJAGk6P66n8YTQQmDS9_GzFJtR23OJ257e1+iqug@mail.gmail.com>
In-Reply-To: <CA+i=0E6LpckJAGk6P66n8YTQQmDS9_GzFJtR23OJ257e1+iqug@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------010005090902090007020606"
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Some lessons of the Turktrust incident

This is a multi-part message in MIME format.
--------------010005090902090007020606
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On 01/09/2013 10:10 AM, Erwann Abalea wrote:
>
> Major browsers seem to deal correctly with basicConstraints. iOS and
> MacOSX don't handle NameConstraints, Mozilla used to apply them to SAN
> only.
>
Your definition of "major" differs a bit from mine :-)
>
> For software stacks, OpenSSL handles BC well, I haven't checked about
> NC but it should be OK.
> GNUtls correctly handles BC since version 3.1.3, don't know if the
> patch has been backported to 3.0 and 2.6; it can't handle NC at all.
> GNUtls is widely used on Debian/Ubuntu.
> Java needs some testing.
> NSS is fine.
>

thx
>
> Lesser used stacks. PolarSSL doesn't check NC, and based on my
> readings of the source code, BC support is incomplete. Don't know
> about other stacks.
>
> On 9 Jan 2013 08:40, "Leif Johansson" <leifj@mnt.se
> <mailto:leifj@mnt.se>> wrote:
>
>
>     > This is something that is easily implemented using a path length
>     > constraint but you have to know that there is a potential problem to
>     > avoid it.
>     >
>     Has anyone done interop testing in the wild for path length and name
>     constraints, eg
>     for commonly deployed TLS stacks and browsers?
>
>                 Cheers Leif
>


--------------010005090902090007020606--

From leifj@mnt.se  Wed Jan  9 05:23:32 2013
Message-ID: <50ED6F4F.6000607@mnt.se>
Date: Wed, 09 Jan 2013 14:23:27 +0100
From: Leif Johansson <leifj@mnt.se>
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se> <CAMm+Lwggoc+qwaeAukYuBusFBNB3S2h3Nu2qcTb=r=yBJ5Dtiw@mail.gmail.com>
In-Reply-To: <CAMm+Lwggoc+qwaeAukYuBusFBNB3S2h3Nu2qcTb=r=yBJ5Dtiw@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Some lessons of the Turktrust incident

On 01/09/2013 01:02 PM, Phillip Hallam-Baker wrote:
> My main concern is to detect anomalies. Blocking in the browser
> protects one user. Detecting that there is a problem and reporting it
> protects millions.
So give the SSL observatory access to your customer db. Done.

From hallam@gmail.com  Wed Jan  9 06:33:50 2013
In-Reply-To: <50ED6F4F.6000607@mnt.se>
References: <CAMm+LwjkZjpATHmXWgqqjwW9bJpi1+V=ebxbd7W2J+FdahuWww@mail.gmail.com> <50ED1EE2.2080900@mnt.se> <CAMm+Lwggoc+qwaeAukYuBusFBNB3S2h3Nu2qcTb=r=yBJ5Dtiw@mail.gmail.com> <50ED6F4F.6000607@mnt.se>
Date: Wed, 9 Jan 2013 09:33:47 -0500
Message-ID: <CAMm+LwjtiLYz6-9xYxQeAriWh59qG5f4LePHajw1tZSuuPv9kg@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Leif Johansson <leifj@mnt.se>
Content-Type: multipart/alternative; boundary=f46d04016c273e0c9104d2dbf3fb
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Some lessons of the Turktrust incident

On Wed, Jan 9, 2013 at 8:23 AM, Leif Johansson <leifj@mnt.se> wrote:

> On 01/09/2013 01:02 PM, Phillip Hallam-Baker wrote:
> > My main concern is to detect anomalies. Blocking in the browser
> > protects one user. Detecting that there is a problem and reporting it
> > protects millions.
> So give the SSL observatory access to your customer db. Done.
>

That is not the roadblock, they already have far more certs than are
necessary to have a pretty good statistical idea of what is going on. The
problem is the lack of a definitive specification of normal.

Comodo is not necessarily averse to release of the database. The question
would be reciprocity. If everyone does it then the release becomes a wash
as far as commercial advantage goes.

-- 
Website: http://hallambaker.com/


From sean.mullan@oracle.com  Wed Jan  9 08:45:28 2013
Message-ID: <50ED9EA4.8070005@oracle.com>
Date: Wed, 09 Jan 2013 11:45:24 -0500
From: Sean Mullan <sean.mullan@oracle.com>
To: wpkops@ietf.org
In-Reply-To: <CA+i=0E7iX_AeDSEd-bJAwKBcO7agX+-uVjSeXL1f2_iidM8U7w@mail.gmail.com>
Subject: Re: [wpkops] Some lessons of the Turktrust incident

On 01/09/2013 04:33 AM, Erwann ABALEA wrote:
> [Repost with my correct sender address]
>
> Major browsers seem to deal correctly with basicConstraints. iOS and
> MacOSX don't handle NameConstraints, Mozilla used to apply them to SAN only.
>
> For software stacks, OpenSSL handles BC well, I haven't checked about NC
> but it should be OK.
> GNUtls correctly handles BC since version 3.1.3, don't know if the patch
> has been backported to 3.0 and 2.6; it can't handle NC at all. GNUtls is
> widely used on Debian/Ubuntu.
> Java needs some testing.

Java supports both the Name Constraints extension and Basic Constraints 
extension path length constraints, in TLS, or in other usages. Let me 
know if you need more information.

--Sean

> NSS is fine.
>
> Lesser used stacks. PolarSSL doesn't check NC, and based on my readings
> of the source code, BC support is incomplete. Don't know about other stacks.
>
>
> 2013/1/9 Leif Johansson <leifj@mnt.se>
>
>
>      > This is something that is easily implemented using a path length
>      > constraint but you have to know that there is a potential problem to
>      > avoid it.
>      >
>     Has anyone done interop testing in the wild for path length and name
>     constraints, eg
>     for commonly deployed TLS stacks and browsers?
>
>
> --
> Erwann.
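
The interop check asked about in this message, run against OpenSSL's command-line verifier, as an added example that is not part of the original thread. It builds four throwaway chains (constructed names under example.test and other.test, constructed CNs and file names) and reports whether a pathlen:0 violation and a permitted-subtree violation are rejected; it assumes an `openssl` binary (1.1.0 or later) on PATH.

```shell
#!/bin/sh
# Added example: does the local `openssl verify` enforce pathLenConstraint and
# nameConstraints? Every name here (CNs, *.test hosts, file names) is constructed.

# Extension profiles for the test CAs and leaves.
write_config() {
  cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca_pathlen0]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[ca_nc]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,permitted;DNS:example.test
[leaf_in]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:www.example.test
[leaf_out]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:www.other.test
EOF
}

# issue NAME ISSUER PROFILE: new P-256 key and a certificate for NAME,
# signed by ISSUER, carrying the extensions of PROFILE.
issue() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key" 2>/dev/null &&
  openssl req -new -key "$1.key" -config ext.cnf \
    -subj "/O=Interop Test/CN=$1" -out "$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -days 2 -extfile ext.cnf -extensions "$3" -out "$1.pem" 2>/dev/null
}

# accepted LEAF CA...: true only if the verifier prints "LEAF.pem: OK".
# The output is parsed so the result does not depend on the exit status.
accepted() {
  leaf=$1; shift
  : > chain.pem
  for ca in "$@"; do cat "$ca.pem" >> chain.pem; done
  openssl verify -CAfile root.pem -untrusted chain.pem "$leaf.pem" 2>/dev/null |
    grep -q ": OK$"
}

# expect WANT LABEL LEAF CA...: print the verdict, fail if it is not WANT.
expect() {
  want=$1; label=$2; shift 2
  if accepted "$@"; then got=accepted; else got=rejected; fi
  echo "$label: $got (expected $want)"
  [ "$got" = "$want" ]
}

# Build the chains in a temp dir; return 0 only if every verdict is as expected,
# 1 if the verifier disagrees, 2 if the certificates could not be built.
run_interop_checks() {
  work=$(mktemp -d) || return 2
  (
    cd "$work" || exit 2
    write_config
    openssl ecparam -name prime256v1 -genkey -noout -out root.key 2>/dev/null &&
    openssl req -x509 -new -key root.key -config ext.cnf -extensions ca \
      -subj "/O=Interop Test/CN=root" -days 2 -out root.pem 2>/dev/null || exit 2
    # root -> sub_pl0 (pathlen:0) -> sub2 (a CA that pathlen:0 forbids)
    # root -> sub_nc (permitted DNS subtree: example.test)
    issue sub_pl0 root ca_pathlen0 && issue sub2 sub_pl0 ca &&
    issue sub_nc root ca_nc &&
    issue leaf_a sub_pl0 leaf_in && issue leaf_b sub2 leaf_in &&
    issue leaf_c sub_nc leaf_in && issue leaf_d sub_nc leaf_out || exit 2
    fail=0
    expect accepted baseline         leaf_a sub_pl0      || fail=1
    expect rejected pathlen_exceeded leaf_b sub2 sub_pl0 || fail=1
    expect accepted nc_permitted     leaf_c sub_nc       || fail=1
    expect rejected nc_violation     leaf_d sub_nc       || fail=1
    exit $fail
  ) && rc=0 || rc=$?
  rm -rf "$work"
  return $rc
}

run_interop_checks
```

A verifier that prints `accepted` for `pathlen_exceeded` or `nc_violation` is not enforcing that constraint; the two `accepted` baselines guard against a setup that rejects everything.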


From Jeff.Hodges@KingsMountain.com  Mon Jan 14 20:10:41 2013
Message-ID: <50F4D6BC.7060808@KingsMountain.com>
Date: Mon, 14 Jan 2013 20:10:36 -0800
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: Tim Moses <tim.moses@entrust.com>,  Ronald Bonica <rbonica@juniper.net>
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Chartering  &  WPKOPS draft charter v07

WPKOPS draft charter v07 looked fine by me, thx to Tim for updating, apologies 
for latency in replying.

On which IESG telecon is chartering of WPKOPS to be discussed ? (assuming I have 
the procedure correct)

thanks,

=JeffH

From rbonica@juniper.net  Tue Jan 15 06:45:55 2013
From: Ronald Bonica <rbonica@juniper.net>
To: =JeffH <Jeff.Hodges@KingsMountain.com>, Tim Moses <tim.moses@entrust.com>
Date: Tue, 15 Jan 2013 14:42:05 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E3701A@BY2PRD0512MB653.namprd05.prod.outlook.com>
In-Reply-To: <50F4D6BC.7060808@KingsMountain.com>
Cc: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] Chartering  &  WPKOPS draft charter v07

Hi Jeff,

There is a bit of a process, here. The WG Charter is in the "Initial Review"
state, which will expire on January 21. I can put it on the first IESG
telechat after that.

                                      Ron


> -----Original Message-----
> From: =JeffH [mailto:Jeff.Hodges@KingsMountain.com]
> Sent: Monday, January 14, 2013 11:11 PM
> To: Tim Moses; Ronald Bonica
> Cc: wpkops@ietf.org
> Subject: Re: [wpkops] Chartering & WPKOPS draft charter v07
>
> WPKOPS draft charter v07 looked fine by me, thx to Tim for updating,
> apologies for latency in replying.
>
> On which IESG telecon is chartering of WPKOPS to be discussed ?
> (assuming I have the procedure correct)
>
> thanks,
>
> =JeffH



From rbonica@juniper.net  Wed Jan 30 12:07:36 2013
From: Ronald Bonica <rbonica@juniper.net>
To: "wpkops@ietf.org" <wpkops@ietf.org>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Date: Wed, 30 Jan 2013 20:06:14 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com>
Subject: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)


From hannes.tschofenig@gmx.net  Wed Jan 30 23:10:33 2013
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com>
Date: Thu, 31 Jan 2013 09:07:39 +0200
Message-Id: <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net>
To: Ronald Bonica <rbonica@juniper.net>
Cc: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)

Hi Ron, Hi Adrian,

I am curious what the blocking objection is when the text that Adrian
proposes does not in any way change the charter.

Ciao
Hannes

On Jan 30, 2013, at 10:06 PM, Ronald Bonica wrote:

> Folks,
>
> Adrian Farrel has posted a blocking objection to the proposed WPKOPS
> charter and offered alternative text (attached). IMHO, the text that
> Adrian proposes does not in any way change the WG's charter.
>
> Does anyone object to using Adrian's alternative text?
>
>                                                Ron
>
>> -----Original Message-----
>> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
>> Sent: Wednesday, January 30, 2013 12:47 PM
>> To: Ronald Bonica; 'The IESG'
>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
>> BLOCK)
>>
>> Alright Ron,
>>
>> How does the attached look? I believe I have captured all of the WG
>> actions, and all of the out of scope items.
>>
>> But I have also tried to remove a lot of the explanation and history. I
>> can believe this is interesting, but not that it belongs in the
>> charter.
>>
>> If it is no good, throw it out and I will probably Noobj the charter
>> (given the "urgency" :-)
>>
>> A
>>
>>> -----Original Message-----
>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
>>> Of Ronald Bonica
>>> Sent: 30 January 2013 15:12
>>> To: Adrian Farrel; The IESG
>>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
>>> BLOCK)
>>>
>>> Adrian,
>>>
>>> The two paragraphs below, taken from the charter, tell you what the
>>> WG will do:
>>>
>>> "Starting from the premise that more consistency in Web security
>>> behavior is desirable, a natural first step is to document current and
>>> historic browser and server behavior, including: the trust model on
>>> which they are based; the contents and processing of fields and
>>> extensions; the processing of the various revocation schemes; and how
>>> the TLS stack deals with PKI, including varying interpretations and
>>> implementation errors, as well as state changes visible to the user.
>>> Where appropriate, specific products and specific versions of those
>>> products will be identified."
>>>
>>> "Future activities may attempt to prescribe how the Web PKI "should"
>>> work, and the prescription may turn out to be a proper subset of the
>>> PKIX PKI.  However, that task is explicitly not a goal of the proposed
>>> working group.  Instead, the group's goal is merely to describe how
>>> the Web PKI "actually" works in the set of browsers and servers that
>>> are in common use today."
>>>
>>> I wouldn't fault the authors for providing "reams of background text".
>>> When crafting this text, they were very aware of the fact that they
>>> were writing to an audience that had no background in the area.
>>>
>>> If you want to take a crack at wordsmithing the charter, go for it.
>>>
>>>                                Ron
>>>
>>>> -----Original Message-----
>>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
>>>> Of Adrian Farrel
>>>> Sent: Wednesday, January 30, 2013 9:37 AM
>>>> To: The IESG
>>>> Subject: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
>>>> BLOCK)
>>>>
>>>> Adrian Farrel has entered the following ballot position for
>>>> charter-ietf-wpkops-00-01: Block
>>>>
>>>> When responding, please keep the subject line intact and reply to
>>>> all email addresses included in the To and CC lines. (Feel free to
>>>> cut this introductory paragraph, however.)
>>>>
>>>> ----------------------------------------------------------------------
>>>> BLOCK:
>>>> ----------------------------------------------------------------------
>>>>
>>>> Look, I am in favor of forming this working group, but this is a
>>>> really awful draft charter! Far too much waffle, and far too little
>>>> about what the WG will actually do.
>>>>
>>>> I could have a stab at rewriting, but I doubt I know enough about
>>>> the topic to make a good job.
>>>>
>>>> Can someone tell me that the reams of text are actually needed, or
>>>> can someone please take an axe to it.
>>>>
>
> <wpkops.txt>


From adrian@olddog.co.uk  Thu Jan 31 00:47:10 2013
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Hannes Tschofenig'" <hannes.tschofenig@gmx.net>, "'Ronald Bonica'" <rbonica@juniper.net>
In-Reply-To: <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net>
Date: Thu, 31 Jan 2013 08:47:01 -0000
Message-ID: <022501cdff8f$8a174740$9e45d5c0$@olddog.co.uk>
Cc: wpkops@ietf.org
Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)

Hannes,

For whatever reason, the IESG has YES, BLOCK, and NO OBJECTION for charter
evaluation. BLOCK takes the same position as DISCUSS for an I-D.

In my case, I wanted to Discuss the charter text with the sponsoring AD (see my
note at the foot of this thread). The original draft charter very nearly didn't
actually mention the working group, but had lots of good words about Web PKI,
how it is used, and what the problems are. While it is helpful to have some
background and motivation, I believe it is more valuable to describe the work
that the working group will do.

In my re-draft I have tried to retain some of the background, but to reorganise
the text so that it more pithily describes the working group.

I present it as an offering at your altar, not as a mandatory change. I don't
want to get in the way of the formation of this WG, but I would like to use the
week remaining before the IESG telechat to try to get a better charter. If the
mailing list says "We spent a lot of effort crafting the current text. We like
it. It is good" then I am likely to back down.

Cheers,
Adrian

> -----Original Message----- 
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: 31 January 2013 07:08
> To: Ronald Bonica
> Cc: Hannes Tschofenig; wpkops@ietf.org; adrian@olddog.co.uk
> Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> (with BLOCK)
> 
> Hi Ron, Hi Adrian,
> 
> I am curious what the blocking objection is when the text that Adrian proposes
> does not in any way change the charter.
> 
> Ciao
> Hannes
> 
> On Jan 30, 2013, at 10:06 PM, Ronald Bonica wrote:
> 
> > Folks,
> >
> > Adrian Farrel has posted a blocking objection to the proposed WPKOPS charter
> and offered alternative text (attached). IMHO, the text that Adrian proposes
> does not in any way change the WG's charter.
> >
> > Does anyone object to using Adrian's alternative text?
> >
> >                                                Ron
> >
> >> -----Original Message-----
> >> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> >> Sent: Wednesday, January 30, 2013 12:47 PM
> >> To: Ronald Bonica; 'The IESG'
> >> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
> >> BLOCK)
> >>
> >> Alright Ron,
> >>
> >> How does the attached look? I believe I have captured all of the WG
> >> actions, and all of the out of scope items.
> >>
> >> But I have also tried to remove a lot of the explanation and history. I
> >> can believe this is interesting, but not that it belongs in the
> >> charter.
> >>
> >> If it is no good, throw it out and I will probably Noobj the charter
> >> (given the "urgency" :-)
> >>
> >> A
> >>
> >>> -----Original Message-----
> >>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
> >>> Of Ronald Bonica
> >>> Sent: 30 January 2013 15:12
> >>> To: Adrian Farrel; The IESG
> >>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> >> (with
> >>> BLOCK)
> >>>
> >>> Adrian,
> >>>
> >>> The two paragraphs below, taken from the charter, tell you what the
> >> WG will do:
> >>>
> >>> "Starting from the premise that more consistency in Web security
> >>> behavior is desirable, a natural first step is to document current
> >> and
> >>> historic browser and server behavior, including: the trust model on
> >>> which they are based; the contents and processing of fields and
> >>> extensions; the processing of the various revocation schemes; and how
> >>> the TLS stack deals with PKI, including varying interpretations and
> >>> implementation errors, as well as state changes visible to the user.
> >>> Where appropriate, specific products and specific versions of those
> >>> products will be identified."
> >>>
> >>> "Future activities may attempt to prescribe how the Web PKI "should"
> >>> work, and the prescription may turn out to be a proper subset of the
> >>> PKIX PKI.  However, that task is explicitly not a goal of the
> >> proposed
> >>> working group.  Instead, the group's goal is merely to describe how
> >>> the Web PKI "actually" works in the set of browsers and servers that
> >>> are in common use today."
> >>>
> >>> I wouldn't fault the authors for providing "reams of background
> >> text".
> >>> When crafting this text, they were very aware of the fact that they
> >>> were writing to an audience that had no background in the area.
> >>>
> >>> If you want to take a crack at wordsmithing the charter, go for it.
> >>>
> >>>                                Ron
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On
> >> Behalf
> >>>> Of Adrian Farrel
> >>>> Sent: Wednesday, January 30, 2013 9:37 AM
> >>>> To: The IESG
> >>>> Subject: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
> >>>> BLOCK)
> >>>>
> >>>> Adrian Farrel has entered the following ballot position for
> >>>> charter-ietf-wpkops-00-01: Block
> >>>>
> >>>> When responding, please keep the subject line intact and reply to
> >>>> all email addresses included in the To and CC lines. (Feel free to
> >>>> cut this introductory paragraph, however.)
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ----------------------------------------------------------------------
> >>>> BLOCK:
> >>>> ----------------------------------------------------------------------
> >>>>
> >>>> Look, I am in favor of forming this working group, but this is a
> >>>> really awful draft charter! Far too much waffle, and far too little
> >>>> about what the WG will actually do.
> >>>>
> >>>> I could have a stab at rewriting, but I doubt I know enough about
> >>>> the topic to make a good job.
> >>>>
> >>>> Can someone tell me that the reams of text are actually needed, or
> >>>> can someone please take an axe to it.
> >>>>
> >>>>
> >>>>
> >>>>
> >
> > <wpkops.txt>_______________________________________________
> > wpkops mailing list
> > wpkops@ietf.org
> > https://www.ietf.org/mailman/listinfo/wpkops


From rbonica@juniper.net  Thu Jan 31 07:16:31 2013
Return-Path: <rbonica@juniper.net>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A735C21F851F for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 07:16:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.316
X-Spam-Level: 
X-Spam-Status: No, score=-103.316 tagged_above=-999 required=5 tests=[AWL=0.151, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNRESOLVED_TEMPLATE=3.132, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LpFaNDs28U09 for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 07:16:31 -0800 (PST)
Received: from exprod7og101.obsmtp.com (exprod7og101.obsmtp.com [64.18.2.155]) by ietfa.amsl.com (Postfix) with ESMTP id DAA4721F84E8 for <wpkops@ietf.org>; Thu, 31 Jan 2013 07:16:30 -0800 (PST)
Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob101.postini.com ([64.18.6.12]) with SMTP ID DSNKUQqKzlV7407zvZM09LiZ6vqXLgQHM+0a@postini.com; Thu, 31 Jan 2013 07:16:30 PST
Received: from P-CLDFE02-HQ.jnpr.net (172.24.192.60) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 31 Jan 2013 07:14:05 -0800
Received: from o365mail.juniper.net (207.17.137.149) by o365mail.juniper.net (172.24.192.60) with Microsoft SMTP Server id 14.1.355.2; Thu, 31 Jan 2013 07:14:05 -0800
Received: from ch1outboundpool.messaging.microsoft.com (216.32.181.185) by o365mail.juniper.net (207.17.137.149) with Microsoft SMTP Server (TLS) id 14.1.355.2; Thu, 31 Jan 2013 07:16:17 -0800
Received: from mail49-ch1-R.bigfish.com (10.43.68.234) by CH1EHSOBE003.bigfish.com (10.43.70.53) with Microsoft SMTP Server id 14.1.225.23; Thu, 31 Jan 2013 15:14:04 +0000
Received: from mail49-ch1 (localhost [127.0.0.1])	by mail49-ch1-R.bigfish.com (Postfix) with ESMTP id 2289A10038A	for <wpkops@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Thu, 31 Jan 2013 15:14:04 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.238.5; KIP:(null); UIP:(null); (null); H:BY2PRD0512HT004.namprd05.prod.outlook.com; R:internal; EFV:INT
X-SpamScore: -25
X-BigFish: PS-25(zz98dI9371I1454I542I1432Izz1ee6h1de0h1202h1e76h1d1ah1d2ahzz1033IL8275dhz2dh2a8h668h839h944hd25hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h1155h)
Received: from mail49-ch1 (localhost.localdomain [127.0.0.1]) by mail49-ch1 (MessageSwitch) id 1359645241887240_13459; Thu, 31 Jan 2013 15:14:01 +0000 (UTC)
Received: from CH1EHSMHS009.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.238])	by mail49-ch1.bigfish.com (Postfix) with ESMTP id D6BD412004F;	Thu, 31 Jan 2013 15:14:01 +0000 (UTC)
Received: from BY2PRD0512HT004.namprd05.prod.outlook.com (157.56.238.5) by CH1EHSMHS009.bigfish.com (10.43.70.9) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 31 Jan 2013 15:14:01 +0000
Received: from BY2PRD0512MB653.namprd05.prod.outlook.com ([169.254.5.58]) by BY2PRD0512HT004.namprd05.prod.outlook.com ([10.255.243.37]) with mapi id 14.16.0263.000; Thu, 31 Jan 2013 15:14:01 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
Thread-Index: AQHN/vdN2UfgvAZum06YFXMSILhrUphh+AwQgAAtlICAACWwoIAAuhCAgACHzsA=
Date: Thu, 31 Jan 2013 15:14:00 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E60BF7@BY2PRD0512MB653.namprd05.prod.outlook.com>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com> <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net>
In-Reply-To: <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [66.129.224.51]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%12219$Dn%GMX.NET$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
X-FOPE-CONNECTOR: Id%12219$Dn%IETF.ORG$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
X-FOPE-CONNECTOR: Id%12219$Dn%OLDDOG.CO.UK$RO%2$TLS%5$FQDN%onpremiseedge-1018244.customer.frontbridge.com$TlsDn%o365mail.juniper.net
Cc: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 15:16:31 -0000

Me too!


> -----Original Message-----
> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> Sent: Thursday, January 31, 2013 2:08 AM
> To: Ronald Bonica
> Cc: Hannes Tschofenig; wpkops@ietf.org; adrian@olddog.co.uk
> Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-
> 00-01: (with BLOCK)
>
> Hi Ron, Hi Adrian,
>
> I am curious what the blocking objection is when the text that Adrian
> proposes does not in any way change the charter.
>
> Ciao
> Hannes
>
> On Jan 30, 2013, at 10:06 PM, Ronald Bonica wrote:
>
> > Folks,
> >
> > Adrian Farrel has posted a blocking objection to the proposed WPKOPS
> charter and offered alternative text (attached). IMHO, the text that
> Adrian proposes does not in any way change the WG's charter.
> >
> > Does anyone object to using Adrian's alternative text?
> >
> >                                                Ron
> >
> >> -----Original Message-----
> >> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> >> Sent: Wednesday, January 30, 2013 12:47 PM
> >> To: Ronald Bonica; 'The IESG'
> >> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> >> (with
> >> BLOCK)
> >>
> >> Alright Ron,
> >>
> >> How does the attached look? I believe I have captured all of the WG
> >> actions, and all of the out of scope items.
> >>
> >> But I have also tried to remove a lot of the explanation and
> history.
> >> I can believe this is interesting, but not that it belongs in the
> >> charter.
> >>
> >> If it is no good, throw it out and I will probably Noobj the charter
> >> (given the "urgency" :-)
> >>
> >> A
> >>
> >>> -----Original Message-----
> >>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On
> Behalf
> >>> Of Ronald Bonica
> >>> Sent: 30 January 2013 15:12
> >>> To: Adrian Farrel; The IESG
> >>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> >> (with
> >>> BLOCK)
> >>>
> >>> Adrian,
> >>>
> >>> The two paragraphs below, taken from the charter, tell you what the
> >> WG will do:
> >>>
> >>> "Starting from the premise that more consistency in Web security
> >>> behavior is desirable, a natural first step is to document current
> >> and
> >>> historic browser and server behavior, including: the trust model on
> >>> which they are based; the contents and processing of fields and
> >>> extensions; the processing of the various revocation schemes; and
> >>> how the TLS stack deals with PKI, including varying interpretations
> >>> and implementation errors, as well as state changes visible to the
> user.
> >>> Where appropriate, specific products and specific versions of those
> >>> products will be identified."
> >>>
> >>> "Future activities may attempt to prescribe how the Web PKI
> "should"
> >>> work, and the prescription may turn out to be a proper subset of
> the
> >>> PKIX PKI.  However, that task is explicitly not a goal of the
> >> proposed
> >>> working group.  Instead, the group's goal is merely to describe how
> >>> the Web PKI "actually" works in the set of browsers and servers
> that
> >>> are in common use today."
> >>>
> >>> I wouldn't fault the authors for providing "reams of background
> >> text".
> >>> When crafting this text, they were very aware of the fact that they
> >>> were writing to an audience that had no background in the area.
> >>>
> >>> If you want to take a crack at wordsmithing the charter, go for it.
> >>>
> >>>                                Ron
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On
> >> Behalf
> >>>> Of Adrian Farrel
> >>>> Sent: Wednesday, January 30, 2013 9:37 AM
> >>>> To: The IESG
> >>>> Subject: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
> >>>> BLOCK)
> >>>>
> >>>> Adrian Farrel has entered the following ballot position for
> >>>> charter-ietf-wpkops-00-01: Block
> >>>>
> >>>> When responding, please keep the subject line intact and reply to
> >>>> all email addresses included in the To and CC lines. (Feel free to
> >>>> cut this introductory paragraph, however.)
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> ----------------------------------------------------------------------
> >>>> BLOCK:
> >>>> ----------------------------------------------------------------------
> >>>>
> >>>> Look, I am in favor of forming this working group, but this is a
> >>>> really awful draft charter! Far too much waffle, and far too
> little
> >>>> about what the WG will actually do.
> >>>>
> >>>> I could have a stab at rewriting, but I doubt I know enough about
> >>>> the topic to make a good job.
> >>>>
> >>>> Can someone tell me that the reams of text are actually needed, or
> >>>> can someone please take an axe to it.
> >>>>
> >>>>
> >>>>
> >>>>
> >
> > <wpkops.txt>_______________________________________________
> > wpkops mailing list
> > wpkops@ietf.org
> > https://www.ietf.org/mailman/listinfo/wpkops
>



From paul.hoffman@vpnc.org  Thu Jan 31 07:38:25 2013
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E5FC21F854B for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 07:38:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level: 
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IQJQdkXrGvEh for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 07:38:25 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 183D821F8476 for <wpkops@ietf.org>; Thu, 31 Jan 2013 07:38:25 -0800 (PST)
Received: from [10.20.30.90] (50-1-98-243.dsl.dynamic.sonic.net [50.1.98.243]) (authenticated bits=0) by hoffman.proper.com (8.14.5/8.14.5) with ESMTP id r0VFcK8n005604 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 31 Jan 2013 08:38:20 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <022501cdff8f$8a174740$9e45d5c0$@olddog.co.uk>
Date: Thu, 31 Jan 2013 07:38:20 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <DF00E97F-2A47-47A8-BF9D-46B4DEA315B1@vpnc.org>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com> <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net> <022501cdff8f$8a174740$9e45d5c0$@olddog.co.uk>
To: adrian@olddog.co.uk
X-Mailer: Apple Mail (2.1499)
Cc: 'Ronald Bonica' <rbonica@juniper.net>, 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>, wpkops@ietf.org
Subject: Re: [wpkops] Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 15:38:25 -0000

On Jan 31, 2013, at 12:47 AM, Adrian Farrel <adrian@olddog.co.uk> wrote:

> In my re-draft I have tried to retain some of the background, but to reorganise
> the text so that it more pithily describes the working group.

That is appropriate for a WG charter. It is especially appropriate here
because the WG is not developing protocols.

> I present it as an offering at your altar, not as a mandatory change. I don't
> want to get in the way of the formation of this WG, but I would like to use the
> week remaining before the IESG telechat to try to get a better charter. If the
> mailing list says "We spent a lot of effort crafting the current text. We like
> it. It is good" then I am likely to back down.

We did not spend much effort crafting the current text, as can be seen
from the short length of the BoF archives.

I think Adrian's proposal is better than the original because it lets
people not yet active in the WG know better what the WG is supposed to
be doing.

--Paul Hoffman

From adrian@olddog.co.uk  Thu Jan 31 07:40:00 2013
Return-Path: <adrian@olddog.co.uk>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 446CB21F854D for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 07:40:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.561
X-Spam-Level: 
X-Spam-Status: No, score=-2.561 tagged_above=-999 required=5 tests=[AWL=0.038,  BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TfaCY03u8c4q for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 07:39:59 -0800 (PST)
Received: from asmtp4.iomartmail.com (asmtp4.iomartmail.com [62.128.201.175]) by ietfa.amsl.com (Postfix) with ESMTP id 19FDA21F854B for <wpkops@ietf.org>; Thu, 31 Jan 2013 07:39:58 -0800 (PST)
Received: from asmtp4.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id r0VFdthL014231;  Thu, 31 Jan 2013 15:39:56 GMT
Received: from 950129200 (83-215-186-5.stjo.dyn.salzburg-online.at [83.215.186.5]) (authenticated bits=0) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id r0VFdsmQ014207 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 31 Jan 2013 15:39:55 GMT
From: "Adrian Farrel" <adrian@olddog.co.uk>
To: "'Ronald Bonica'" <rbonica@juniper.net>, "'Hannes Tschofenig'" <hannes.tschofenig@gmx.net>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com> <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net> <2CF4CB03E2AA464BA0982EC92A02CE2501E60BF7@BY2PRD0512MB653.namprd05.prod.outlook.com>
In-Reply-To: <2CF4CB03E2AA464BA0982EC92A02CE2501E60BF7@BY2PRD0512MB653.namprd05.prod.outlook.com>
Date: Thu, 31 Jan 2013 15:39:53 -0000
Message-ID: <009001cdffc9$37ae1f80$a70a5e80$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIoY83A4lzUq/onPP+ySWAMPLWm/AI8it0sAzA6YFWXg2R6kA==
Content-Language: en-gb
Cc: wpkops@ietf.org
Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2013 15:40:00 -0000

I think my answer to Ron is probably identical to my answer to Hannes, so I am
not going to retype it.
A

> -----Original Message-----
> From: Ronald Bonica [mailto:rbonica@juniper.net]
> Sent: 31 January 2013 15:14
> To: Hannes Tschofenig
> Cc: wpkops@ietf.org; adrian@olddog.co.uk
> Subject: RE: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> (with BLOCK)
> 
> 
> Me too!
> 
> 
> > -----Original Message-----
> > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> > Sent: Thursday, January 31, 2013 2:08 AM
> > To: Ronald Bonica
> > Cc: Hannes Tschofenig; wpkops@ietf.org; adrian@olddog.co.uk
> > Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-
> > 00-01: (with BLOCK)
> >
> > Hi Ron, Hi Adrian,
> >
> > I am curious what the blocking objection is when the text that Adrian
> > proposes does not in any way change the charter.
> >
> > Ciao
> > Hannes
> >
> > On Jan 30, 2013, at 10:06 PM, Ronald Bonica wrote:
> >
> > > Folks,
> > >
> > > Adrian Farrel has posted a blocking objection to the proposed WPKOPS
> > charter and offered alternative text (attached). IMHO, the text that
> > Adrian proposes does not in any way change the WG's charter.
> > >
> > > Does anyone object to using Adrian's alternative text?
> > >
> > >                                                Ron
> > >
> > >> -----Original Message-----
> > >> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> > >> Sent: Wednesday, January 30, 2013 12:47 PM
> > >> To: Ronald Bonica; 'The IESG'
> > >> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> > >> (with
> > >> BLOCK)
> > >>
> > >> Alright Ron,
> > >>
> > >> How does the attached look? I believe I have captured all of the WG
> > >> actions, and all of the out of scope items.
> > >>
> > >> But I have also tried to remove a lot of the explanation and
> > history.
> > >> I can believe this is interesting, but not that it belongs in the
> > >> charter.
> > >>
> > >> If it is no good, throw it out and I will probably Noobj the charter
> > >> (given the "urgency" :-)
> > >>
> > >> A
> > >>
> > >>> -----Original Message-----
> > >>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On
> > Behalf
> > >>> Of Ronald Bonica
> > >>> Sent: 30 January 2013 15:12
> > >>> To: Adrian Farrel; The IESG
> > >>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> > >> (with
> > >>> BLOCK)
> > >>>
> > >>> Adrian,
> > >>>
> > >>> The two paragraphs below, taken from the charter, tell you what the
> > >> WG will do:
> > >>>
> > >>> "Starting from the premise that more consistency in Web security
> > >>> behavior is desirable, a natural first step is to document current
> > >> and
> > >>> historic browser and server behavior, including: the trust model on
> > >>> which they are based; the contents and processing of fields and
> > >>> extensions; the processing of the various revocation schemes; and
> > >>> how the TLS stack deals with PKI, including varying interpretations
> > >>> and implementation errors, as well as state changes visible to the
> > user.
> > >>> Where appropriate, specific products and specific versions of those
> > >>> products will be identified."
> > >>>
> > >>> "Future activities may attempt to prescribe how the Web PKI
> > "should"
> > >>> work, and the prescription may turn out to be a proper subset of
> > the
> > >>> PKIX PKI.  However, that task is explicitly not a goal of the
> > >> proposed
> > >>> working group.  Instead, the group's goal is merely to describe how
> > >>> the Web PKI "actually" works in the set of browsers and servers
> > that
> > >>> are in common use today."
> > >>>
> > >>> I wouldn't fault the authors for providing "reams of background
> > >> text".
> > >>> When crafting this text, they were very aware of the fact that they
> > >>> were writing to an audience that had no background in the area.
> > >>>
> > >>> If you want to take a crack at wordsmithing the charter, go for it.
> > >>>
> > >>>                                Ron
> > >>>
> > >>>
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On
> > >> Behalf
> > >>>> Of Adrian Farrel
> > >>>> Sent: Wednesday, January 30, 2013 9:37 AM
> > >>>> To: The IESG
> > >>>> Subject: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
> > >>>> BLOCK)
> > >>>>
> > >>>> Adrian Farrel has entered the following ballot position for
> > >>>> charter-ietf-wpkops-00-01: Block
> > >>>>
> > >>>> When responding, please keep the subject line intact and reply to
> > >>>> all email addresses included in the To and CC lines. (Feel free to
> > >>>> cut this introductory paragraph, however.)
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >>>> ----------------------------------------------------------------------
> > >>>> BLOCK:
> > >>>> ----------------------------------------------------------------------
> > >>>>
> > >>>> Look, I am in favor of forming this working group, but this is a
> > >>>> really awful draft charter! Far too much waffle, and far too
> > little
> > >>>> about what the WG will actually do.
> > >>>>
> > >>>> I could have a stab at rewriting, but I doubt I know enough about
> > >>>> the topic to make a good job.
> > >>>>
> > >>>> Can someone tell me that the reams of text are actually needed, or
> > >>>> can someone please take an axe to it.
> > >>>>
> > >>>>
> > >>>>
> > >>>>
> > >
> > > <wpkops.txt>_______________________________________________
> > > wpkops mailing list
> > > wpkops@ietf.org
> > > https://www.ietf.org/mailman/listinfo/wpkops
> >



From rbonica@juniper.net  Thu Jan 31 08:44:23 2013
Return-Path: <rbonica@juniper.net>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 401F121F84D7 for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 08:44:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.326
X-Spam-Level: 
X-Spam-Status: No, score=-103.326 tagged_above=-999 required=5 tests=[AWL=0.141, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNRESOLVED_TEMPLATE=3.132, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XgLWYkCphb2H for <wpkops@ietfa.amsl.com>; Thu, 31 Jan 2013 08:44:22 -0800 (PST)
Received: from exprod7og114.obsmtp.com (exprod7og114.obsmtp.com [64.18.2.215]) by ietfa.amsl.com (Postfix) with ESMTP id 5DF5A21F84B6 for <wpkops@ietf.org>; Thu, 31 Jan 2013 08:44:22 -0800 (PST)
Received: from P-EMHUB03-HQ.jnpr.net ([66.129.224.36]) (using TLSv1) by exprod7ob114.postini.com ([64.18.6.12]) with SMTP ID DSNKUQqfXyiVKYiYAg2VyXzLNshq9ld1+ik0@postini.com; Thu, 31 Jan 2013 08:44:22 PST
Received: from P-CLDFE02-HQ.jnpr.net (172.24.192.60) by P-EMHUB03-HQ.jnpr.net (172.24.192.37) with Microsoft SMTP Server (TLS) id 8.3.213.0; Thu, 31 Jan 2013 08:41:36 -0800
Received: from o365mail.juniper.net (207.17.137.149) by o365mail.juniper.net (172.24.192.60) with Microsoft SMTP Server id 14.1.355.2; Thu, 31 Jan 2013 08:41:35 -0800
Received: from am1outboundpool.messaging.microsoft.com (213.199.154.209) by o365mail.juniper.net (207.17.137.149) with Microsoft SMTP Server (TLS) id 14.1.355.2; Thu, 31 Jan 2013 08:43:47 -0800
Received: from mail10-am1-R.bigfish.com (10.3.201.247) by AM1EHSOBE024.bigfish.com (10.3.207.146) with Microsoft SMTP Server id 14.1.225.23; Thu, 31 Jan 2013 16:41:33 +0000
Received: from mail10-am1 (localhost [127.0.0.1])	by mail10-am1-R.bigfish.com (Postfix) with ESMTP id 20A3622027D	for <wpkops@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Thu, 31 Jan 2013 16:41:33 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.238.5; KIP:(null); UIP:(null); (null); H:BY2PRD0512HT002.namprd05.prod.outlook.com; R:internal; EFV:INT
X-SpamScore: -24
X-BigFish: PS-24(zz98dI9371I542I1432Izz1ee6h1de0h1202h1e76h1d1ah1d2ahzz1033IL8275dhz2dh2a8h668h839h944hd25hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h1155h)
Received: from mail10-am1 (localhost.localdomain [127.0.0.1]) by mail10-am1 (MessageSwitch) id 135965049121106_11905; Thu, 31 Jan 2013 16:41:31 +0000 (UTC)
Received: from AM1EHSMHS016.bigfish.com (unknown [10.3.201.244])	by mail10-am1.bigfish.com (Postfix) with ESMTP id F334F1C00D2; Thu, 31 Jan 2013 16:41:30 +0000 (UTC)
Received: from BY2PRD0512HT002.namprd05.prod.outlook.com (157.56.238.5) by AM1EHSMHS016.bigfish.com (10.3.207.154) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 31 Jan 2013 16:41:29 +0000
Received: from BY2PRD0512MB653.namprd05.prod.outlook.com ([169.254.5.58]) by BY2PRD0512HT002.namprd05.prod.outlook.com ([10.255.243.35]) with mapi id 14.16.0263.000; Thu, 31 Jan 2013 16:41:26 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>
Thread-Topic: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
Date: Thu, 31 Jan 2013 16:41:26 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E60EAF@BY2PRD0512MB653.namprd05.prod.outlook.com>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com> <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net> <2CF4CB03E2AA464BA0982EC92A02CE2501E60BF7@BY2PRD0512MB653.namprd05.prod.outlook.com> <009001cdffc9$37ae1f80$a70a5e80$@olddog.co.uk>
In-Reply-To: <009001cdffc9$37ae1f80$a70a5e80$@olddog.co.uk>
Cc: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)

Yep. I responded to your message before reading your response to Hannes.


> -----Original Message-----
> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> Sent: Thursday, January 31, 2013 10:40 AM
> To: Ronald Bonica; 'Hannes Tschofenig'
> Cc: wpkops@ietf.org
> Subject: RE: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
>
> I think my answer to Ron is probably identical to my answer to Hannes,
> so I am not going to retype it.
> A
>
> > -----Original Message-----
> > From: Ronald Bonica [mailto:rbonica@juniper.net]
> > Sent: 31 January 2013 15:14
> > To: Hannes Tschofenig
> > Cc: wpkops@ietf.org; adrian@olddog.co.uk
> > Subject: RE: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> > (with BLOCK)
> >
> >
> > Me too!
> >
> >
> > > -----Original Message-----
> > > From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
> > > Sent: Thursday, January 31, 2013 2:08 AM
> > > To: Ronald Bonica
> > > Cc: Hannes Tschofenig; wpkops@ietf.org; adrian@olddog.co.uk
> > > Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
> > > (with BLOCK)
> > >
> > > Hi Ron, Hi Adrian,
> > >
> > > I am curious what the blocking objection is when the text that
> > > Adrian proposes does not in any way change the charter.
> > >
> > > Ciao
> > > Hannes
> > >
> > > On Jan 30, 2013, at 10:06 PM, Ronald Bonica wrote:
> > >
> > > > Folks,
> > > >
> > > > Adrian Farrel has posted a blocking objection to the proposed WPKOPS
> > > > charter and offered alternative text (attached). IMHO, the text that
> > > > Adrian proposes does not in any way change the WG's charter.
> > > >
> > > > Does anyone object to using Adrian's alternative text?
> > > >
> > > >                                                Ron
> > > >
> > > >> -----Original Message-----
> > > >> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
> > > >> Sent: Wednesday, January 30, 2013 12:47 PM
> > > >> To: Ronald Bonica; 'The IESG'
> > > > >> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
> > > > >>
> > > > >> Alright Ron,
> > > > >>
> > > > >> How does the attached look? I believe I have captured all of the
> > > > >> WG actions, and all of the out of scope items.
> > > > >>
> > > > >> But I have also tried to remove a lot of the explanation and history.
> > > > >> I can believe this is interesting, but not that it belongs in the
> > > > >> charter.
> > > > >>
> > > > >> If it is no good, throw it out and I will probably Noobj the
> > > > >> charter (given the "urgency" :-)
> > > >>
> > > >> A
> > > >>
> > > >>> -----Original Message-----
> > > > >>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
> > > > >>> Of Ronald Bonica
> > > > >>> Sent: 30 January 2013 15:12
> > > > >>> To: Adrian Farrel; The IESG
> > > > >>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
> > > > >>>
> > > > >>> Adrian,
> > > > >>>
> > > > >>> The two paragraphs below, taken from the charter, tell you what
> > > > >>> the WG will do:
> > > > >>>
> > > > >>> "Starting from the premise that more consistency in Web security
> > > > >>> behavior is desirable, a natural first step is to document
> > > > >>> current and historic browser and server behavior, including: the
> > > > >>> trust model on which they are based; the contents and processing
> > > > >>> of fields and extensions; the processing of the various revocation
> > > > >>> schemes; and how the TLS stack deals with PKI, including varying
> > > > >>> interpretations and implementation errors, as well as state
> > > > >>> changes visible to the user.
> > > > >>> Where appropriate, specific products and specific versions of
> > > > >>> those products will be identified."
> > > > >>>
> > > > >>> "Future activities may attempt to prescribe how the Web PKI "should"
> > > > >>> work, and the prescription may turn out to be a proper subset of the
> > > > >>> PKIX PKI.  However, that task is explicitly not a goal of the proposed
> > > > >>> working group.  Instead, the group's goal is merely to describe
> > > > >>> how the Web PKI "actually" works in the set of browsers and
> > > > >>> servers that are in common use today."
> > > > >>>
> > > > >>> I wouldn't fault the authors for providing "reams of background text".
> > > > >>> When crafting this text, they were very aware of the fact that
> > > > >>> they were writing to an audience that had no background in the area.
> > > > >>>
> > > > >>> If you want to take a crack at wordsmithing the charter, go for it.
> > > >>>
> > > >>>                                Ron
> > > >>>
> > > >>>
> > > >>>
> > > >>>> -----Original Message-----
> > > > >>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
> > > > >>>> Of Adrian Farrel
> > > > >>>> Sent: Wednesday, January 30, 2013 9:37 AM
> > > > >>>> To: The IESG
> > > > >>>> Subject: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
> > > > >>>>
> > > > >>>> Adrian Farrel has entered the following ballot position for
> > > > >>>> charter-ietf-wpkops-00-01: Block
> > > > >>>>
> > > > >>>> When responding, please keep the subject line intact and reply
> > > > >>>> to all email addresses included in the To and CC lines. (Feel
> > > > >>>> free to cut this introductory paragraph, however.)
> > > > >>>>
> > > > >>>> ----------------------------------------------------------------------
> > > > >>>> BLOCK:
> > > > >>>> ----------------------------------------------------------------------
> > > > >>>>
> > > > >>>> Look, I am in favor of forming this working group, but this is
> > > > >>>> a really awful draft charter! Far too much waffle, and far too little
> > > > >>>> about what the WG will actually do.
> > > > >>>>
> > > > >>>> I could have a stab at rewriting, but I doubt I know enough
> > > > >>>> about the topic to make a good job.
> > > > >>>>
> > > > >>>> Can someone tell me that the reams of text are actually needed,
> > > > >>>> or can someone please take an axe to it.
> > > > >>>>
> > > > >
> > > > > <wpkops.txt>_______________________________________________
> > > > > wpkops mailing list
> > > > > wpkops@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/wpkops
> > > >
>



From hannes.tschofenig@gmx.net  Thu Jan 31 08:54:13 2013
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <022501cdff8f$8a174740$9e45d5c0$@olddog.co.uk>
Date: Thu, 31 Jan 2013 18:54:04 +0200
Message-Id: <7D234568-0488-42A6-A550-C1FF2E430754@gmx.net>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com> <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net> <022501cdff8f$8a174740$9e45d5c0$@olddog.co.uk>
To: <adrian@olddog.co.uk>
Cc: 'Ronald Bonica' <rbonica@juniper.net>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, wpkops@ietf.org
Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)

Hi Adrian,

thanks for this clarification.

I agree it is useful to say what the working group is doing; I don't
have a strong view about the level of detail regarding the background
information. It is always difficult to find the right level.

In any case, it is great to hear that you are not objecting against the
work.

Ciao
Hannes

On Jan 31, 2013, at 10:47 AM, Adrian Farrel wrote:

> Hannes,
>
> For whatever reason, the IESG has YES, BLOCK, and NO OBJECTION for charter
> evaluation. BLOCK takes the same position as DISCUSS for an I-D.
>
> In my case, I wanted to Discuss the charter text with the sponsoring AD (see my
> note at the foot of this thread). The original draft charter very nearly didn't
> actually mention the working group, but had lots of good words about Web PKI,
> how it is used, and what the problems are. While it is helpful to have some
> background and motivation, I believe it is more valuable to describe the work
> that the working group will do.
>
> In my re-draft I have tried to retain some of the background, but to reorganise
> the text so that it more pithily describes the working group.
>
> I present it as an offering at your altar, not as a mandatory change. I don't
> want to get in the way of the formation of this WG, but I would like to use the
> week remaining before the IESG telechat to try to get a better charter. If the
> mailing list says "We spent a lot of effort crafting the current text. We like
> it. It is good" then I am likely to back down.
>
> Cheers,
> Adrian
>
>> -----Original Message-----
>> From: Hannes Tschofenig [mailto:hannes.tschofenig@gmx.net]
>> Sent: 31 January 2013 07:08
>> To: Ronald Bonica
>> Cc: Hannes Tschofenig; wpkops@ietf.org; adrian@olddog.co.uk
>> Subject: Re: [wpkops] FW: Adrian Farrel's Block on charter-ietf-wpkops-00-01:
>> (with BLOCK)
>>
>> Hi Ron, Hi Adrian,
>>
>> I am curious what the blocking objection is when the text that Adrian proposes
>> does not in any way change the charter.
>>
>> Ciao
>> Hannes
>>
>> On Jan 30, 2013, at 10:06 PM, Ronald Bonica wrote:
>>
>>> Folks,
>>>
>>> Adrian Farrel has posted a blocking objection to the proposed WPKOPS charter
>>> and offered alternative text (attached). IMHO, the text that Adrian proposes
>>> does not in any way change the WG's charter.
>>>
>>> Does anyone object to using Adrian's alternative text?
>>>
>>>                                               Ron
>>>
>>>> -----Original Message-----
>>>> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
>>>> Sent: Wednesday, January 30, 2013 12:47 PM
>>>> To: Ronald Bonica; 'The IESG'
>>>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
>>>> BLOCK)
>>>>
>>>> Alright Ron,
>>>>
>>>> How does the attached look? I believe I have captured all of the WG
>>>> actions, and all of the out of scope items.
>>>>
>>>> But I have also tried to remove a lot of the explanation and history. I
>>>> can believe this is interesting, but not that it belongs in the
>>>> charter.
>>>>
>>>> If it is no good, throw it out and I will probably Noobj the charter
>>>> (given the "urgency" :-)
>>>>
>>>> A
>>>>
>>>>> -----Original Message-----
>>>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
>>>>> Of Ronald Bonica
>>>>> Sent: 30 January 2013 15:12
>>>>> To: Adrian Farrel; The IESG
>>>>> Subject: RE: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
>>>>> BLOCK)
>>>>>
>>>>> Adrian,
>>>>>
>>>>> The two paragraphs below, taken from the charter, tell you what the
>>>>> WG will do:
>>>>>
>>>>> "Starting from the premise that more consistency in Web security
>>>>> behavior is desirable, a natural first step is to document current and
>>>>> historic browser and server behavior, including: the trust model on
>>>>> which they are based; the contents and processing of fields and
>>>>> extensions; the processing of the various revocation schemes; and how
>>>>> the TLS stack deals with PKI, including varying interpretations and
>>>>> implementation errors, as well as state changes visible to the user.
>>>>> Where appropriate, specific products and specific versions of those
>>>>> products will be identified."
>>>>>
>>>>> "Future activities may attempt to prescribe how the Web PKI "should"
>>>>> work, and the prescription may turn out to be a proper subset of the
>>>>> PKIX PKI.  However, that task is explicitly not a goal of the proposed
>>>>> working group.  Instead, the group's goal is merely to describe how
>>>>> the Web PKI "actually" works in the set of browsers and servers that
>>>>> are in common use today."
>>>>>
>>>>> I wouldn't fault the authors for providing "reams of background text".
>>>>> When crafting this text, they were very aware of the fact that they
>>>>> were writing to an audience that had no background in the area.
>>>>>
>>>>> If you want to take a crack at wordsmithing the charter, go for it.
>>>>>
>>>>>                               Ron
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf
>>>>>> Of Adrian Farrel
>>>>>> Sent: Wednesday, January 30, 2013 9:37 AM
>>>>>> To: The IESG
>>>>>> Subject: Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with
>>>>>> BLOCK)
>>>>>>
>>>>>> Adrian Farrel has entered the following ballot position for
>>>>>> charter-ietf-wpkops-00-01: Block
>>>>>>
>>>>>> When responding, please keep the subject line intact and reply to
>>>>>> all email addresses included in the To and CC lines. (Feel free to
>>>>>> cut this introductory paragraph, however.)
>>>>>>
>>>>>> ----------------------------------------------------------------------
>>>>>> BLOCK:
>>>>>> ----------------------------------------------------------------------
>>>>>>
>>>>>> Look, I am in favor of forming this working group, but this is a
>>>>>> really awful draft charter! Far too much waffle, and far too little
>>>>>> about what the WG will actually do.
>>>>>>
>>>>>> I could have a stab at rewriting, but I doubt I know enough about
>>>>>> the topic to make a good job.
>>>>>>
>>>>>> Can someone tell me that the reams of text are actually needed, or
>>>>>> can someone please take an axe to it.
>>>>>>
>>>
>>> <wpkops.txt>_______________________________________________
>>> wpkops mailing list
>>> wpkops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/wpkops
>


From rbonica@juniper.net  Thu Jan 31 08:54:23 2013
From: Ronald Bonica <rbonica@juniper.net>
To: Paul Hoffman <paul.hoffman@vpnc.org>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Thread-Topic: [wpkops] Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
Date: Thu, 31 Jan 2013 16:52:12 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501E60EE0@BY2PRD0512MB653.namprd05.prod.outlook.com>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501E5FAE8@BY2PRD0512MB653.namprd05.prod.outlook.com> <8E796CE1-495A-4FFE-8172-54308799196D@gmx.net> <022501cdff8f$8a174740$9e45d5c0$@olddog.co.uk> <DF00E97F-2A47-47A8-BF9D-46B4DEA315B1@vpnc.org>
In-Reply-To: <DF00E97F-2A47-47A8-BF9D-46B4DEA315B1@vpnc.org>
Cc: 'Hannes Tschofenig' <hannes.tschofenig@gmx.net>, "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] Adrian Farrel's Block on charter-ietf-wpkops-00-01:	(with BLOCK)

Sounds reasonable. Unless there are any strong objections, we can adopt
Adrian's text.

                                      Ron


> -----Original Message-----
> From: wpkops-bounces@ietf.org [mailto:wpkops-bounces@ietf.org] On
> Behalf Of Paul Hoffman
> Sent: Thursday, January 31, 2013 10:38 AM
> To: adrian@olddog.co.uk
> Cc: Ronald Bonica; 'Hannes Tschofenig'; wpkops@ietf.org
> Subject: Re: [wpkops] Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)
>
> On Jan 31, 2013, at 12:47 AM, Adrian Farrel <adrian@olddog.co.uk> wrote:
>
> > In my re-draft I have tried to retain some of the background, but to
> > reorganise the text so that it more pithily describes the working group.
>
> That is appropriate for a WG charter. It is especially appropriate here
> because the WG is not developing protocols.
>
> > I present it as an offering at your altar, not as a mandatory change.
> > I don't want to get in the way of the formation of this WG, but I
> > would like to use the week remaining before the IESG telechat to try
> > to get a better charter. If the mailing list says "We spent a lot of
> > effort crafting the current text. We like it. It is good" then I am
> > likely to back down.
>
> We did not spend much effort crafting the current text, as can be seen
> from the short length of the BoF archives.
>
> I think Adrian's proposal is better than the original because it lets
> people not yet active in the WG know better what the WG is supposed to
> be doing.
>
> --Paul Hoffman
> _______________________________________________
> wpkops mailing list
> wpkops@ietf.org
> https://www.ietf.org/mailman/listinfo/wpkops



From Jeff.Hodges@KingsMountain.com  Thu Jan 31 09:20:53 2013
Message-ID: <510AA7DE.2070501@KingsMountain.com>
Date: Thu, 31 Jan 2013 09:20:30 -0800
From: =JeffH <Jeff.Hodges@KingsMountain.com>
To: Ronald Bonica <rbonica@juniper.net>,  Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, wpkops@ietf.org, Adrian Farrel <adrian@olddog.co.uk>
Subject: Re: [wpkops] Adrian Farrel's Block on charter-ietf-wpkops-00-01: (with BLOCK)

[ note that Adrian Farrel's proposed wpkops charter re-write text is at the end 
of: https://www.ietf.org/mail-archive/web/wpkops/current/msg00159.html  ]

The overall style of the re-write looks fine to me.  +1 to Paul H.   I'd be 
inclined to retain the references, but won't go to the mat over it.

=JeffH

