We have cut a new -03 version of the Trust Anchor Identifiers draft:

URL: https://www.ietf.org/archive/id/draft-beck-tls-trust-anchor-ids-03.txt
Status: https://datatracker.ietf.org/doc/draft-beck-tls-trust-anchor-ids/
HTML: https://www.ietf.org/archive/id/draft-beck-tls-trust-anchor-ids-03.html

While we didn’t get any mic time in Dublin to present the updates since our presentation in Vancouver, we had several conversations with attendees and have incorporated some suggested changes as a result. Changes include:

- Removed remaining dependencies on text contained in the TLS Trust Expressions I-D
- Switched the term “subscriber” to “authenticating party”, for the role that presents a certificate
- Cleaned up the security and privacy considerations to be more concise
- Simplified the optional ACME integration
- Rearranged several sections for clarity
- Clarified definition of trust anchors to better match RFC 5280
- Added a copy of the TrustAnchorIdentifiers ASN.1 module to the appendix
- Fixed several typos throughout

We'd also like to thank everyone for a very productive interim in October. It was good to see the broad interest in solving this problem, and to hear from the experiences of folks in the TLS ecosystem.

For folks who had been mostly following the earlier Trust Expressions work, Trust Anchor Identifiers is the alternate design that we originally presented in Vancouver. It's quite different from Trust Expressions, so we invite you to take a look at the new draft. Based on the working group feedback from that session, there was a clear preference for Trust Anchor Identifiers, so recent changes have been focused entirely on this draft.

We think the current state of the Trust Anchor Identifiers draft is a good starting point for the working group. It follows the standard negotiation pattern used throughout TLS while aiming to be flexible and not specific to one particular PKI or type of TLS client.

As always, we’re happy to talk through any questions or topics related to this draft.

-Devon