Opened 7 years ago

Last modified 7 years ago

#38 new enhancement

Client Behavior: A separate document for specifying client behavior

Reported by: kent@… Owned by:
Priority: minor Milestone:
Component: client-behavior Version:
Severity: - Keywords:
Cc:

Description

Section 5.2 contains some comments about TLS client behavior, but the text is far from complete. If there is no spec for client behavior, the clients cannot be viewed as a means to "encourage" CAs and cert Subjects to acquire SCTs. If there is agreement that CT must support incremental deployment, specification of client behavior is critical. This text needs to be substantially revised to provide a viable description of client behavior.

Change History (3)

comment:1 Changed 7 years ago by eranm@…

  • Priority changed from blocker to minor
  • Summary changed from client behavior to Client Behavior: A separate document for specifying client behavior
  • Type changed from defect to enhancement

Per the discussion in IETF 91 (see minutes here: http://www.ietf.org/proceedings/91/minutes/minutes-91-trans), seems there's a consensus for:

  • Specifying client behaviour in a separate document.
  • In RFC6962-bis, listing the situations the client could encounter (which is not likely to be an exhaustive list), without specifying exactly how it should behave in each and every situation.
  • In the security considerations section, we will specify what *not* doing certain, non-mandatory checks would imply.

We'll create a new ticket for listing the situations the client could encounter and leave this ticket for tracking the client behaviour document.

comment:2 Changed 7 years ago by eranm@…

  • Owner draft-ietf-trans-rfc6962-bis@… deleted

comment:3 Changed 7 years ago by melinda.shore@…

  • Component changed from rfc6962-bis to client-behavior
Note: See TracTickets for help on using tickets.