dennisjackson / trust-negotiation-comments


Divergence and Fragmentation section conflates requirements vs contents #8

Closed dadrian closed 4 months ago

dadrian commented 4 months ago

The divergence described in this section is based entirely around root programs strengthening or loosening requirements, and presents analysis based on the cause of divergence solely being strength of requirements.

This analysis is incomplete because it does not take into account divergence based on contents, both point in time across root stores (because root stores operate independently and make decisions at different times), and temporal within a single root store (because clients have different versions of the same root store).

This divergence presents a burden on server operators today that is not discussed in this section. Instead, by only considering the ability of root programs to vary their requirements, it suggests that divergence is not something that happens currently. This is false—root programs consistently make trust decisions at different times. For example, one root program may distrust a CA weeks to months before another root program, or may trust a new root months or years before another root program, or may rotate keys of an existing root on a different timeline from other root programs.

Any discussion of divergence and fragmentation is incomplete and inaccurate without acknowledging the full state of existing divergence and fragmentation.

dennisjackson commented 4 months ago

The proposed use cases of Trust Expressions / Trust Anchors are described in the other document. If you feel there's a use case missing there, please feel free to suggest it. As far as I understand what you're raising, these aspects are discussed in Adding and Removing a CA sections in the existing comments.

nharper commented 4 months ago

I understand https://github.com/dennisjackson/trust-negotiation-comments/issues/8#issuecomment-2241267906 to say that the property of root programs making trust decisions at different times (which leads to divergence and fragmentation) is already discussed in the use cases document and does not need to be discussed in the risks document.

I assume that since this property does not need to be discussed in the risks document, you are stating that there are no risks associated with the divergence and fragmentation of root stores making trust decisions at different times, and this divergence and fragmentation only benefits the Web PKI ecosystem.