
From rbonica@juniper.net  Thu Feb 21 10:05:07 2013
From: Ronald Bonica <rbonica@juniper.net>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Date: Thu, 21 Feb 2013 18:03:18 +0000
Message-ID: <2CF4CB03E2AA464BA0982EC92A02CE2501EF8D57@BY2PRD0512MB653.namprd05.prod.outlook.com>
Subject: [wpkops] Congrats!

The community has approved creation of the WPKOPS WG!

--------------------------
Ron Bonica
vcard:       www.bonica.org/ron/ronbonica.vcf




From hallam@gmail.com  Thu Feb 21 10:29:40 2013
In-Reply-To: <2CF4CB03E2AA464BA0982EC92A02CE2501EF8D57@BY2PRD0512MB653.namprd05.prod.outlook.com>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501EF8D57@BY2PRD0512MB653.namprd05.prod.outlook.com>
Date: Thu, 21 Feb 2013 13:29:38 -0500
Message-ID: <CAMm+Lwhe1=btg7Htz9TMiBBmDAvwBpTVGD7ZRqhaJaxcqnVGgw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Ronald Bonica <rbonica@juniper.net>
Cc: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] Congrats!

I guess I should get started on the deliverable I signed up for then...

Something about revocation.



-- 
Website: http://hallambaker.com/

From ben@digicert.com  Thu Feb 21 10:59:50 2013
From: "Ben Wilson" <ben@digicert.com>
To: "'Phillip Hallam-Baker'" <hallam@gmail.com>, "'Ronald Bonica'" <rbonica@juniper.net>
References: <2CF4CB03E2AA464BA0982EC92A02CE2501EF8D57@BY2PRD0512MB653.namprd05.prod.outlook.com> <CAMm+Lwhe1=btg7Htz9TMiBBmDAvwBpTVGD7ZRqhaJaxcqnVGgw@mail.gmail.com>
In-Reply-To: <CAMm+Lwhe1=btg7Htz9TMiBBmDAvwBpTVGD7ZRqhaJaxcqnVGgw@mail.gmail.com>
Date: Thu, 21 Feb 2013 11:59:47 -0700
Organization: DigiCert
Message-ID: <007d01ce1065$9e9ca390$dbd5eab0$@digicert.com>
Cc: wpkops@ietf.org
Subject: Re: [wpkops] Congrats!

Phillip, 
You and I should coordinate because I think some things that I am working on
with Robin overlap.
Thanks,
Ben 



From iesg-secretary@ietf.org  Tue Feb 26 09:58:53 2013
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-ID: <20130226175852.30207.99617.idtracker@ietfa.amsl.com>
Date: Tue, 26 Feb 2013 09:58:52 -0800
Cc: wpkops WG <wpkops@ietf.org>
Subject: [wpkops] WG Action: Formed Web PKI OPS (wpkops)

A new IETF working group has been formed in the Operations and Management
Area. For additional information please contact the Area Directors or the
WG Chairs.

Web PKI OPS (wpkops)
------------------------------------------------
Current Status: Proposed Working Group

Chairs:
  Sharon Boeyen <boeyen@entrust.com>
  Tim Moses <tim.moses@entrust.com>

Assigned Area Director:
  Ronald Bonica <rbonica@juniper.net>

Mailing list
  Address: wpkops@ietf.org
  To Subscribe: https://www.ietf.org/mailman/listinfo/wpkops
  Archive: http://www.ietf.org/mail-archive/web/wpkops/

Charter of Working Group:

The Web Public Key Infrastructure (PKI) is the set of systems,
policies, and procedures used to protect the confidentiality,
integrity, and authenticity of communications between Web
browsers and Web content servers.  The Web PKI is used in
conjunction with security protocols such as TLS/SSL and OCSP.

More specifically, the Web PKI (as considered here) consists of
the fields included in the certificates issued to Web content
and application providers by Certification Authorities (CAs),
the certificate status services provided by the Authorities to
Web browsers and their users, and the TLS/SSL protocol stacks
embedded in web servers and browsers.

The Web PKI Operations (wpkops) working group will work to
improve the consistency of Web security behavior.  It will
address the problems caused by the many hundreds of variations
of the Web PKI currently in use:

- For end-users (i.e. relying parties), there is no clear view
  of whether certificate "problems" remain once they see an
  indication of a "good" connection.  For instance, in some
  browsers, a "good" indication is displayed when a "revoked"
  response has been received and "accepted" by the user,
  whereas other browsers refuse to display the contents under
  these circumstances.

- Many certificate holders are unsure which browser versions
  will reject their certificate if certain certificate profiles
  are not met, such as a subject public key that does not
  satisfy a minimum key size, or a certificate policies
  extension that does not contain a particular standard policy
  identifier.

- Certificate issuers (i.e., CAs) find it difficult to predict
  whether a certificate chain with certain characteristics will
  be accepted.  For instance, some browsers include a nonce in
  their OCSP requests and expect one in the corresponding
  responses, not all servers include a nonce in their replies,
  and this means some certificate chains will validate while
  others won't.

The working group's goal is to describe how the Web PKI
"actually" works in the set of browsers and servers that are in
common use today.  To that end, the working group will document
current and historic browser and server behavior.  For each
this will include:

- The trust model on which it is based;
- The contents and processing of fields and extensions;
- The processing of the various revocation schemes;
- How the TLS stack deals with PKI, including varying
  interpretations and implementation errors, as well as state
  changes visible to the user.
- The state changes that are visible to and/or controlled by
  the user (to help predict the decisions that will be made by
  the users and so determine the effectiveness of the Web PKI).
- Identification of when Web PKI mechanisms are reused by other
  applications and implications of that reuse.

Where appropriate, specific products and specific versions of
those products will be identified, but recording the design
details of the user interfaces of specific products is not
necessary.

Only server-authentication behavior encountered in more than 0.1
percent of connections made by desktop and mobile browsers is to
be considered.  While it is not intended to apply the threshold
with any precision, it will be used to justify the inclusion or
exclusion of a technique.

A number of activities are outside the immediate scope of this
working group, but might be considered in future re-chartering
activity or included in the work of other working groups:

- The working group will not work to describe how the Web PKI
  "should work".
- The working group will not examine the certification
  practices of certificate issuers.
- The working group will not investigate applications (such as
  client authentication, document signing, code signing, and
  email) that often use the same trust anchors and certificate
  processing mechanisms as those used for Web server
  authentication.

Given the urgency of the required developments and the scale of
the task, it is agreed that adherence to the published
milestones will take precedence over completeness of the
results, without sacrificing technical correctness.

Milestones:
  Jun 2013 - First WG draft of 'trust model' document
  Oct 2013 - First WG draft of 'certificate revocation' document
  Oct 2013 - First WG draft of 'TLS stack operation' document
  Feb 2014 - First WG draft of 'field and extension processing for
             certificates, CRLs, and OCSP responses' document
  Jun 2014 - IESG submission of 'trust model' document
  Jun 2014 - IESG submission of 'TLS stack operation' document
  Oct 2014 - IESG submission of 'certificate revocation' document
  Feb 2015 - IESG submission of 'field and extension processing for
             certificates, CRLs, and OCSP responses'
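The OCSP nonce divergence the charter cites, modeled as an added example that is not code from the working group, the IETF or any browser: a client-side check that decides, under a strict and a lenient policy, whether a response whose nonce is matching, missing, wrong or malformed binds to the request. The nonce OID, its OCTET STRING encoding and the 16-byte length are taken from RFC 6960/RFC 8954; every extension value below is constructed, not captured from a real responder.

```python
"""Model of the OCSP nonce check whose inconsistent handling the charter cites.
Added example, not code from the working group, the IETF or any browser.
Assumed: id-pkix-ocsp-nonce is OID 1.3.6.1.5.5.7.48.1.2 and its extnValue is a
DER OCTET STRING holding the raw nonce bytes (RFC 6960 4.4.1, RFC 8954)."""
import os
from dataclasses import dataclass
from typing import List, Tuple

OCSP_NONCE_OID = "1.3.6.1.5.5.7.48.1.2"


def der_octet_string(payload: bytes) -> bytes:
    """DER-encode an OCTET STRING (short and long definite-length forms)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return b"\x04" + length + payload


def der_octet_string_decode(buf: bytes) -> bytes:
    """Inverse of der_octet_string; raises ValueError on malformed input."""
    if len(buf) < 2 or buf[0] != 0x04:
        raise ValueError("not an OCTET STRING")
    first = buf[1]
    if first < 0x80:
        n, off = first, 2
    else:
        k = first & 0x7F
        if k == 0 or len(buf) < 2 + k:
            raise ValueError("bad length octets")
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    if len(buf) != off + n:
        raise ValueError("length does not match content")
    return buf[off:]


@dataclass
class Extension:
    """One OCSP request/response extension: OID plus DER-encoded extnValue."""
    oid: str
    value: bytes


def make_request_nonce() -> bytes:
    """Fresh 16-byte nonce (RFC 8954 asks for 16 to 32 bytes)."""
    return os.urandom(16)


def nonce_extension(nonce: bytes) -> Extension:
    return Extension(OCSP_NONCE_OID, der_octet_string(nonce))


def check_ocsp_nonce(request_nonce: bytes, response_exts: List[Extension],
                     require_nonce: bool) -> Tuple[bool, str]:
    """Decide whether the response's nonce binds it to our request.
    require_nonce=True  models a client that hard-fails when the responder
                        omits the nonce (the strict browsers in the charter).
    require_nonce=False models a client that accepts a nonce-less response
                        and relies on the thisUpdate/nextUpdate window instead.
    A present-but-wrong or malformed nonce is rejected under both policies."""
    found = [e for e in response_exts if e.oid == OCSP_NONCE_OID]
    if not found:
        if require_nonce:
            return False, "responder omitted nonce; strict policy rejects"
        return True, "no nonce in response; accepted, check freshness window"
    if len(found) > 1:
        return False, "duplicate nonce extensions"
    try:
        got = der_octet_string_decode(found[0].value)
    except ValueError as exc:
        return False, f"malformed nonce extension: {exc}"
    if got != request_nonce:
        return False, "nonce mismatch; possible replayed response"
    return True, "nonce matches request"


def demo() -> dict:
    """Constructed scenarios: (strict_accepts, lenient_accepts) per case."""
    n = make_request_nonce()
    other = Extension("2.5.29.19", b"\x30\x00")  # unrelated extension, constructed
    cases = {
        "match": [other, nonce_extension(n)],
        "missing": [other],
        "wrong": [nonce_extension(os.urandom(16))],
        "garbled": [Extension(OCSP_NONCE_OID, b"\x04\x20abc")],
    }
    return {name: (check_ocsp_nonce(n, exts, True)[0],
                   check_ocsp_nonce(n, exts, False)[0])
            for name, exts in cases.items()}
```

The "missing" row is the one the charter is about: the same nonce-less response is rejected by the strict client and accepted by the lenient one, so the chain validates in one browser and not the other.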



From joelja@bogus.com  Tue Feb 26 10:06:10 2013
Message-ID: <512CF98D.60709@bogus.com>
Date: Tue, 26 Feb 2013 10:06:05 -0800
From: joel jaeggli <joelja@bogus.com>
CC: wpkops WG <wpkops@ietf.org>
References: <20130226175852.30207.99617.idtracker@ietfa.amsl.com>
In-Reply-To: <20130226175852.30207.99617.idtracker@ietfa.amsl.com>
Subject: Re: [wpkops] WG Action: Formed Web PKI OPS (wpkops)

Just as a note on the personnel.

The goal is not to have two chairs from entrust. Sharon is subbing for 
Tim for the time-being. We are looking to add a second or third in this 
case chair and eventually fall back to two.

thanks
joel



From paul.hoffman@vpnc.org  Thu Feb 28 07:19:16 2013
From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Thu, 28 Feb 2013 07:19:12 -0800
Message-Id: <6B236E1B-1106-4F16-A4FB-3FC1F9F19D9C@vpnc.org>
To: Sharon Boeyen <sharon.boeyen@entrust.com>, Tim Polk <wpolk@nist.gov>
Cc: wpkops WG <wpkops@ietf.org>
Subject: [wpkops] Volunteering to write WG documents

Greetings again. The WG chairs are the ones who choose authors/editors
for WG documents. At the BoF, Adam Langley and I volunteered to edit the
"TLS stack operation" document. I spoke with Adam yesterday, and he's
still interested, as am I. We can give a short presentation about what
we think a good format for the document would be in Orlando, and then
have a first skeletal draft out soon after the meeting. Please let us
know if you would like us to be the editors for this document so we can
prepare for the meeting.

--Paul Hoffman
