On Sun, Sep 08, 2013 at 03:13:39PM -0400, John C Klensin wrote:
On the CA side, one of the things I think is needed is a rating
system (or collection of them on a "pick the rating service you
trust" basis) for CAs, with an obvious extension to PGP-ish key
signers. In itself, that isn't a problem with which the IETF
can help.
Well, it _was_: we had a whole working group (REPUTE) that was
established to try to provide a protocol for such rating systems.
Participation was poor. In particular, it was very difficult to get
high quality document review. LC just ended on most of the documents,
I note.
Best,
A
--
Andrew Sullivan
ajs(_at_)anvilwalrusden(_dot_)com