Minutes

BoF: WPKOPS

IETF 85, Atlanta, US

5 Nov 2012

1. Tim Moses reminded the audience of the Note Well requirements.  He then reviewed the agenda:

http://www.ietf.org/proceedings/85/agenda/agenda-85-wpkops

He gave an introduction to WPKOPS:

http://www.ietf.org/proceedings/85/slides/slides-85-wpkops-0.pdf

He reviewed the history of the initiative, emphasizing that, were a working group to be formed, it would not invent new protocols.
He presented the problem statement:

“Correct operation of the Web PKI depends upon coordination in the implementation, configuration, and deployment of its components (servers, clients, and certification authorities).  These components are commonly developed and operated by unrelated organizations, yet important aspects of their functionality are not publicly well specified.  This frequently leads to problems for the Web PKI's participants (application owners, infrastructure providers, and equipment vendors).  Documenting these problems and their causes is required in order to have a basis for overcoming them.”

He said that the following people had volunteered to edit the documents identified in the charter:

Trust model - Iñigo Barreira, Bruce Morton 
Certificate, CRL, and OCSP field and extension processing - Ben Wilson, Robin Alden 
Revocation - Phillip Hallam-Baker, Gary Gapinski 
TLS stack operation - Adam Langley

2. The Web-app operator’s perspective

Jeff Hodges presented.

http://www.ietf.org/proceedings/85/slides/slides-85-wpkops-3.pdf

3. The CA’s perspective

Ben Wilson presented.

http://www.ietf.org/proceedings/85/slides/slides-85-wpkops-2.pdf

The discussion went to whether or not aspects of UI should be considered in-scope.  It was decided that functional aspects of user interaction should be in-scope.  But aspects of style (such as colours and symbols) should not.

4. Outstanding questions

The following questions were posed to the audience:

1) Is the problem clear, well-scoped, solvable, and urgent?

This was agreed.

2) Do we believe that product vendors will take notice?

Generally, people felt that there is value in documenting the current situation whether or not vendors take notice.

3) Is the proposed charter (Draft 4) suitable?

There was some discussion on the charter.  It was confirmed that the proposed working group (within the Operations and Management Area) would not attempt to *specify* behavior.  It would merely create a record of how the Web PKI behaves today.
Consensus emerged that the charter should permit discussion of functional aspects of UI.

It was suggested that (where the information is available and helpful) the reasons for certain design decisions should be captured.  This will avert future design decisions that could have unexpected and unfortunate side-effects.

There was some discussion concerning whether or not the deliverables should identify the behavior characteristics of particular products.  It was agreed that they should.

4) Are there others willing to serve as editors?

No one volunteered on the spot.

5) Who is willing to review documents and/or comment on the mailing list?

Twenty people volunteered to review and comment on drafts produced by a working group, if one were to be formed.

6) Who feels that a working group should not be formed?

The views of the audience were tested by a hum.  There was strong support for forming a working group.

7) Who feels that a working group should be formed?

One unidentified participant dissented.

5. Ron Bonica indicated that he was satisfied with the outcome.