Minutes IETF100: trans

Meeting Minutes Public Notary Transparency (trans) WG
Last updated 2017-11-13

Meeting Minutes

2017-11-13 15:52:03+0800

IETF 100
trans WG

dkg taking notes
rsalz jabber scribing


Question to room: are there objections in the room to Melinda and Paul
knocking out text to clear AD review for threat analysis draft?

No objections in the room.


Linus Nordberg presents about Gossip

open question about whether we should refactor it.

Not many people have read the gossip draft.


6962bis has no editors in the room.

ekr went through the revised document.  the issues he found should be
resolvable relatively quickly.


Diego Lopez presents short-lived certs

first proposal seems to mix the idea about short-lived certs with
privacy-focused cert redaction.

STAR proposal has one long metacertificate which covers a range of
short-lived certificates.

This appears to be the moral equivalent of OCSP-must-staple

ekr+david+rsalz say that it's unsafe to issue certs with less
than 1 day because clients' clocks are sloppy

Without this STAR "collapsed cert series" proposal, log size will
grow, increasing cost to log operators (storage + bandwidth) and log
monitors (bandwidth).

Yoav Nir announces discussion about short-term certs Thursday evening.


Tadahiko Ito (Secom) presents Name Redaction


motivates the need for this based on IoT devices that do not need full
web visibility.

some discussion around whether redaction is hash-based or just
entirely scrubbed.

open question about whether geo-information in certificate signed by
public CA is even possible.

Symantec has issued 2 billion device certificates to external devices.

some dispute over whether the use case described actually makes sense
-- if these are public devices, they should be on the public
infrastructure.  if they're not, they can use private CAs.

Ben Schwartz: raises DoS attack on the basis of domain name

Melinda Shore suggests returning to the CAB Forum

Hum: should IETF work on name redaction?   some hums for yes, silence for no.

What's going on with the Client Behavior draft?  we need browser
vendors to supply a draft, but none are volunteering.  Chrome CT folks
aren't present at all.

ekr says we should shut down the group if there are no active drafts.