On Jan 18, 2020, at 8:55 AM, Ryan Sleevi <ryan-i...@sleevi.com> wrote:
> 
> No. The root store operators make the rules. Standards that align with their 
> needs are the standards they use and apply.
> 
> Nothing you say or do has any impact without implementors, and if you go 
> against the grain of where implementors are going or already at, they are 
> useless standards that will be ignored.
> 
> It would similarly be a mistake to think “Ah, but I control an SMTP server, I 
> am thus an implementor and empowered”. You are indeed an implementor... for 
> your root store. And if existing contracts and requirements prevent a CA from 
> serving your needs from the same hierarchy they are serving other root store 
> needs, which they increasingly will, then again, there’s no real power unless 
> you define your own root store.
> 
> When a vendor, be it Apple or Microsoft or Mozilla or Google, says a CA in 
> their root store needs to do something, they need to do it. If you don’t like 
> that, which the email clearly demonstrates, there isn’t a heckler’s veto via 
> the IETF: you instead need to create your own root store to do the things you 
> want or like. Attempting to change those policies via the IETF, without 
> understanding why they exist, just leads to IETF standards being ignored 
> because they are not useful nor aligned with the needs of consumers.
> 
> Put differently: This is explicitly an area of policy, not technology. As 
> tempting as it may seem to focus on individual problems and say “Ah, but 
> those could be addressed by technology and more standards,” without 
> appreciating the broader and big picture, which is inherently policy, the 
> work on the technology is doomed.

I don’t “have a dog in this fight”, being retired for several years now.  
However, I’ve been following this thread out of interest.  I’ve long held that 
the problems with deployment and interoperability of PKI are in the business 
domain, not the technical domain.  It’s interesting, and perhaps a bit 
disappointing, to see that it is still the case.  And now, back to your regular 
programming…

Regards,

Dave Nelson

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
