[cabfpub] Future of WebPKI at F2F

Kirk Hall Kirk.Hall at entrustdatacard.com
Sat Mar 11 10:25:18 MST 2017


Peter (and all): I sent out the revised draft Agenda for the upcoming F2F meeting, and have received no additional suggestions for topics for discussion.  We have roughly 2 hours of time open in the second day.

If we don't come up with additional discussion items for these 2 hours, we will likely extend the discussion periods for the Future of WebPKI sessions.

Are there additional topics for the main discussion period?

-----Original Message-----
From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen via Public
Sent: Saturday, March 11, 2017 8:23 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Peter Bowen <pzb at amzn.com>
Subject: [cabfpub] Future of WebPKI at F2F

At the upcoming F2F we have several agenda slots to discuss the Future of WebPKI.  I've agreed to shepherd these slots.

We are going to use an unconference format for these slots.  We will collect a list of potential discussion topics and spend a little time on Wednesday sorting them and getting indications of interest in each topic.  We will then take the ones with the highest interest and run three sets of breakout sessions to discuss them.  For each breakout session slot there will be multiple simultaneous topics.   At the end of each breakout, we will convene back as a large group and hear a brief (10 minute) summary from each breakout.

Potential topics can come from anyone.  I would invite people to post ideas to the public list or questions list or to email me directly.  At the F2F, there will be a drop box for additional ideas that will be open through lunch on Wednesday.

If you are not attending the F2F, or are not a Forum member, please still contribute topics you think we should consider discussing.

Here are some ideas of either topics to discuss or goals for the WebPKI that can inspire a discussion topic:

* How do we get to 95%+ of websites available over HTTPS with strong ciphersuites?
* Making HTTPS the default mode of browsers and making HTTP connections specifically marked as untrusted
* Full publication for all issued publicly-trusted certificates, whether that’s via CT, a related mechanism, or something else entirely
* Certificate lifetime reduction to 13 months within 3 years, and 3-6 months in 5 years
* Much greater use of automation for certificate replacement, using standard protocols
* CAA fully deployed and implemented
* Multiple hash functions widely supported
* Better elliptic curves widely supported
* Initial support for post-quantum crypto algorithms
* What should the role of RAs be in the WebPKI?
* Should we have a base set of expectations for publicly trusted CAs regardless of type of certificate?
* How should CT information be delivered?  Should all CAs include SCTs in OCSP responses?
* What requirements should there be on the use of virtualization technology when used in CA systems?
* Should name constrained CAs exist in the WebPKI?  If so, what value do they provide?
* How do we enable more algorithms in the WebPKI (for example, EC signature standards from around the world)?
* Enhancing DANE with EV -- giving website owners the best of both worlds
* Using signature malleability to expedite certificate issuance
* High assurance favicons using polyglot certificates

To be clear, not all of these will be discussed or are even good ideas.  We will decide what to discuss at the F2F.

Please suggest other ideas.  For those I receive via email (pzbowen at gmail.com or pzb at amazon.com ), I will only be posting the topic idea, not the submitter.

Thanks,
Peter
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Draft Meeting 40 Agenda (3-9-2017).pdf
Type: application/pdf
Size: 349061 bytes
Desc: Draft Meeting 40 Agenda (3-9-2017).pdf
URL: <http://cabforum.org/pipermail/public/attachments/20170311/43d6dbfd/attachment-0001.pdf>


More information about the Public mailing list