Minutes IETF100: trans
minutes-100-trans-00

Meeting Minutes Public Notary Transparency (trans) WG
Date and time 2017-11-13 07:50
Title Minutes IETF100: trans
State Active
Last updated 2017-11-13

2017-11-13 15:52:03+0800
------------------------

IETF 100
trans WG

dkg taking notes
rsalz jabber scribing

----------

Question to room: are there objections in the room to Melinda and Paul
knocking out text to clear AD review for threat analysis draft?

No objections in the room.

----------

Linus Nordberg presents about Gossip

open question about whether we should refactor it.

Not many people have read the gossip draft.

----------

6962bis has no editors in the room.

ekr went through the revised document.  the issues he found should be
resolvable relatively quickly.

----------

Diego Lopez presents short-lived certs

first proposal seems to mix the idea about short-lived certs with
privacy-focused cert redaction.

STAR proposal has one long metacertificate which covers a range of
short-lived certificates.

This appears to be the moral equivalent of OCSP-must-staple.

ekr+david+rsalz say that it's unsafe to issue certs valid for less
than 1 day because clients' clocks are sloppy.

Without this STAR "collapsed cert series" proposal, log size will
grow, increasing cost to log operators (storage + bandwidth) and log
monitors (bandwidth).

Yoav Nir announces discussion about short-term certs Thursday evening.

------------------

Tadahiko Ito (Secom) presents Name Redaction

draft-strad-trans-redaction-01

motivates the need for this based on IoT devices that do not need full
web visibility.

some discussion around whether redaction is hash-based or just
entirely scrubbed.

open question about whether geo-information in certificate signed by
public CA is even possible.

Symantec has issued 2 billion device certificates, to external devices.

some dispute over whether the use case described actually makes sense
-- if these are public devices, they should be on the public
infrastructure.  if they're not, they can use private CAs.

Ben Schwartz: raises DoS attack on the basis of domain name
publication.

Melinda Shore suggests returning to the CAB Forum

Hum: should IETF work on name redaction?   some hums for yes, silence for no.

What's going on with the Client Behavior draft?  we need browser
vendors to supply a draft, but none are volunteering.  Chrome CT folks
aren't present at all.

ekr says we should shut down the group if there are no active drafts.