Before people get too far into conspiracy theories with this, I should point out that health certificates have been part of corporate Windows environments for years (I don't know how many exactly, I think it's been since at least Server 2003). The intent of health certs is that it allows the IT department to manage PCs by allowing checks that they have the latest AV updates installed, the corporate desktop background and Windows theme, the corporate mail client in an up-to-date version, and so on. In other words it's a configuration management solution. Think cfengine with certs.
In this case it looks like a MS spokesperson has decided that the existing cfengine-with-certs approach used in corporate environments would work on an ISP-wide or even nation-wide level. It's no conspiracy theory, just a case of either cluelessness about scaling issues or misreporting of a blue-sky, what- if proposal. I'd guess it's the latter. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com