ACTION-697: Prepare for discussion of CA infrastructure weakness (e.g. DANE)

Prepare for discussion of CA infrastructure weakness (e.g. DANE)

State:
closed
Person:
Larry Masinter
Due on:
May 29, 2012
Created on:
April 12, 2012
Related emails:
  1. Re: Minutes from TAG call of the 24th (from rees@mumble.net on 2012-05-29)
  2. Preliminary agenda for the TAG teleconference of 24 May 2012 (from nrm@arcanedomain.com on 2012-05-22)
  3. draft minutes 5/17/2012 TAG teleconference (from masinter@adobe.com on 2012-05-17)
  4. Agenda for TAG Teleconference of 17 May 2012 (from nrm@arcanedomain.com on 2012-05-15)
  5. Re: Starting planning for TAG 17 May teleconference (from ashok.malhotra@oracle.com on 2012-05-14)
  6. Re: Starting planning for TAG 17 May teleconference (from rees@mumble.net on 2012-05-14)
  7. Starting planning for TAG 17 May teleconference (from nrm@arcanedomain.com on 2012-05-14)
  8. Re: TAG Teleconference of 10 May will be cancelled IF we don't come up with agenda items (from jeni@jenitennison.com on 2012-05-08)
  9. TAG Teleconference of 10 May will be cancelled IF we don't come up with agenda items (from nrm@arcanedomain.com on 2012-05-08)
  10. Draft minutes from 2012-05-03 TAG telcon (from jeni@jenitennison.com on 2012-05-03)
  11. Agenda for the TAG teleconference of 3 May 2012 (from nrm@arcanedomain.com on 2012-05-01)
  12. Re: TAG briefing on DANE and alternatives action-697 (from rees@mumble.net on 2012-04-26)
  13. Minutes from April 12 TAG Telcon (from ylafon@w3.org on 2012-04-26)
  14. Re: TAG briefing on DANE and alternatives action-697 (from nrm@arcanedomain.com on 2012-04-25)
  15. TAG briefing on DANE and alternatives action-697 (from masinter@adobe.com on 2012-04-24)

Related notes:

I believe this action was a resulting follow-up from the TAG "Issues of concern" memo http://lists.w3.org/Archives/Public/www-tag/2012Feb/0049.html pointing out the issue of weaknesses in the certificate authority system and the subsequent exchange with Jeff Jaffe, ending in http://lists.w3.org/Archives/Public/www-tag/2012Feb/0079.html

Some briefer, more concise presentation would be useful, but in the meanwhile, the following resources are available:


Latest DANE internet draft: http://tools.ietf.org/wg/dane/draft-ietf-dane-protocol/

Phllip Hallam-Baker paper about Comodo ttp://cryptome.org/2012/04/omnibroker.pdf

Richard Barnes article on DANE: http://isoc.org/wp/ietfjournal/?p=2584

There was also Mike Belshe's note
http://lists.w3.org/Archives/Public/www-tag/2012Feb/0053.html
pointing to:
http://www.imperialviolet.org/2012/02/05/crlsets.html

For a TAG discussion of the topic, best would be a briefing from an expert. Second best would be to recommend the Barnes article as mandatory reading, and the other links in this note as optional.

Larry Masinter, 25 Apr 2012, 04:10:07

Per discussion on 17 May, Larry to investigate inviting Hannes Tschofenig to join us on a teleconference.

Noah Mendelsohn, 18 May 2012, 14:21:20

Display change log.


Tim Berners-Lee <timbl@w3.org>, Peter Linss <w3c@linss.com>, Daniel Appelquist <appelquist@gmail.com>, Chairs, Yves Lafon <ylafon@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.326 2018/10/13 17:29:51 vivien Exp $