[cabfpub] Ballot 129 - Update PSL language in BR 11.1.3

Gervase Markham gerv at mozilla.org
Mon Jul 21 02:31:34 MST 2014


On 20/07/14 02:34, Brian Smith wrote:
> On Fri, Jul 18, 2014 at 3:56 AM, Gervase Markham <gerv at mozilla.org> wrote:
>> If the process for making this determination is standardized by an RFC,
>> then such a procedure SHOULD be preferred.
> 
> I think that this part is very problematic.

I would note that this part is already in the document, and has been
since we wrote this section. Of course, that doesn't mean we can't
change it.

> Firstly, there are lots of kinds of RFCs; presumably you mean "IETF
> proposed standard or IETF standard."

Probably; I think the chances of people going off and following some
random RFC on this topic which wasn't meant for that purpose are low.

> Secondly, it also assumes that any IETF standard will be a good one
> that is reasonable for us all to implement (and also that there is
> only one such standard). I don't think that is a safe assumption. It
> is far from clear that any DNS-based solution will have good enough
> performance characteristics, and more generally it isn't clear that a
> standardized mechanism will be technically superior to the use of the
> PSL for the same purpose, though of course we would hope that would be
> the case.

The issues which might prevent such a standard being used in real time
by browsers probably are not nearly as great for certificate issuance.

Having said that, you are right that it is at least possible that the
ICANN/PRIVATE split might not make it into an IETF standard, which would
mean further guidance would be needed anyway.

Would anyone object to removing this sentence?

Gerv

