On Tue, Feb 18, 2014 at 8:54 PM, William Chan (陈智昌)
<willchan@chromium.org>wrote:
> Good point. This is a controversial topic that we're unlikely to see
> consensus on in the near future. Let me ask another question. Is there
> a user agent that plans on supporting this proposal? At the Zurich
> interim, IIRC, Patrick (Firefox), Rob (IE/WinInet), and I (Chromium)
> all said we do not support this.
How can any vendor know whether or not they support a feature that has not
even been well described?
> If that's in error, please speak up.
> Otherwise, if no user agent plans on supporting this, I don't see the
> value of standardizing this.
>
The value has been stated repeatedly. If we don't standardize it, then the
security of your users measurably goes down. Getting users to install
private trust anchors that are known to be not as well protected as the
rest of the trust anchors does a disservice to Internet security.
--Paul Hoffman