Hi, Eric, responding as an individual.
Obviously, I disagree with your basic claim that it is too early to
write a document like this. I've asked the sponsoring AD to make a
consensus call on whether we have sufficient support to be making this
sort of statement. If not, then I'll be happy to take my document to
the rfc editor. However I think it is completely pointless for us to
argue about that particular issues: we're not going to agree.
I disagree that the references need to be significantly expanded. I
am familiar with the work you cited in your message. If you would
like to propose specific text that improves the document and cites
those references I'd like to consider your specific text suggestions.
It seems you have read the document and think I favor ZKPP protocols.
It's certainly true that in a world without patents I think they would
be interesting to explore. However I wanted to discuss them mostly
because I thought that the patent problem was important to turn out.
It's certainly true that I have thought about what solutions I'd like
to see. I think the solutions will likely be in the challenge
response at the HTTP level or TLS-PSK space.
I think the primary concern will be what we can manage to get deployed
not protocol details.
I've tried not to expose that too much in the document; I understand we
disagree.
I would like to make some changes based on your comments.
First, I would like to make a pass to improve the separation between
user interface and protocol. I doubt I'll get to a level you'll be
happy with.
Second, I'd like to address your comment about WPE and enrollment.
Finally, I see no problem correcting areas where I was less precise
than you wished I had been. Examples of this include conflating the
TLS and HTTPS layer in the introduction.
--Sam
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf