[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft Charter

To: Stephen Kent <kent@xxxxxxx>
Subject: Re: Draft Charter
From: Cat Okita <cat@xxxxxxxxxxxx>
Date: Thu, 16 Aug 2007 11:49:38 -0400 (EDT)
Cc: Yoav Nir <ynir@xxxxxxxxxxxxxx>, ietf-trust-anchor@xxxxxxxx, Thomas Hardjono <thardjono@xxxxxxxxxxx>
In-reply-to: <>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <AE1B6FDD5E39704DB2F38B6FC77D59A2011CB253@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <96F4992C-FAD6-4513-9ABE-81F08CE2998C@xxxxxxxxxxxxxx> <>
Reply-to: Cat Okita <cat@xxxxxxxxxxxx>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx


On Thu, 16 Aug 2007, Stephen Kent wrote:

I think what's typical for an Enterprise depends on the application. Ifwe're talking about browsers, then I think it's perfectly acceptable tohave two TAAs - one from the browser vendor (it shouldn't be my employer'stask to tell me that Verisign has a new root CA certificate - that'sMicrosoft's job) and the other being the corporate IT department. That'swhy I think each TAA should be able to manage its own (and only its own)trust anchors.
Even in this case I can see problems, I think several folks have noted thatthe default TAs currently installed in browsers ought to be subject to localmanagement, especially deletion! So, as a browser user in an enterprisecontext, I would not want a TAA installed by MS (or, in my case, Apple) to beable to maintain the presence of TAs even if my IT dept wants to remove them.

Agreed - we've already discussed the current problem of unwanted TAs beingsilently put back into browsers. It's also much easier to move from a

point of less privledge to granting more, rather than the other way around.

In your consumer space example, I again don't think SalesForce.com shouldbe able to delete bankofamerica.com's trust anchor. Perhaps there should beexception, such as if Microsoft learns that the bankofamerica.com TA reallybelongs to a phishing company, but I think each TAA should manage its ownas a general rule, and this should be enforced.
This example seems to suggest that a home user might have lots of TAAs, notjust a lot of TAs. I'd worry that the result would be unmanageable for mosthome users. Did I misunderstand your example?

If I recall correctly, the expectation was that home users might havelots of TAAs, but the likely situation would be that they'd take a

default trust set, and only dive down into the fine bits in a limited
number of circumstances (namely users like us...)

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

Follow-Ups:
- Re: Draft Charter
  - From: Stephen Kent

References:
- RE: Draft Charter
  - From: Thomas Hardjono
- Re: Draft Charter
  - From: Yoav Nir
- Re: Draft Charter
  - From: Stephen Kent

Prev by Date: Re: Draft Charter
Next by Date: RE: Issue with the requirements document: PKIX-centric terminology
Previous by thread: Re: Draft Charter
Next by thread: Re: Draft Charter
Index(es):
- Date
- Thread