On Tue, Aug 09, 2022 at 03:59:01PM -0700, Eric Rescorla wrote: > > Be that as it may, the browsers generally require conformance to the BRs > (see, for > instance > https://urldefense.com/v3/__https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/__;!!GjvTz_vk!UPmxyrKmaL10wJG8moM9lRB_dy37NNBtZYo3xVxxNx1_6JSsjXC25--ngicIeypX3KAVLzA$ > > S 2.3, > https://urldefense.com/v3/__https://www.chromium.org/Home/chromium-security/root-ca-policy/__;!!GjvTz_vk!UPmxyrKmaL10wJG8moM9lRB_dy37NNBtZYo3xVxxNx1_6JSsjXC25--ngicIeypXz_sK-Pc$ > S 1) > so what the BRs say is relevant in this discussion.
While it seems almost inevitable that the Web PKI will be used for some deployments of NTS, it also seems that NTS as a protocol is quite untethered to browser behavior or the Web PKI. So while I agree that the CABF BRs are relevant, they probably ought not be treated as the sole authority. -Ben _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
