Thank you, Ben. In the blog, there are a few suggestions around how site owners
can be notified when changes to their certificates are detected. This
technically allows the site owner to be in full control of decision making with
respect to "his" certificates and decide whether newly reported certificates
are fraudulent or not. This solution has some interesting privacy-preserving
properties to it that we would like to present at the WG meeting. You are right
that the goal of this proposal is not to provide public logs.

-----Original Message-----
From: Ben Laurie [mailto:b...@google.com]
Sent: Wednesday, February 26, 2014 5:35 AM
To: Anoosh Saboori
Cc: Melinda Shore; tr...@ietf.org; Magnus Nystrom; Anthony Nadalin;
therightkey@ietf.org; Nelly Porter
Subject: Re: [therightkey] Dealing with fraudulent certificates via certificate
reputation

On 25 February 2014 02:01, Anoosh Saboori wrote:
> Hello,
>
> We would like to introduce certificate reputation, which was shipped as part
> of IE 11. This feature aims to address some of the issues with Web PKI that
> were raised by the DigiNotar and Comodo incidents. We asked to take a few minutes
> at the trans WG meeting at the next IETF meeting to present this feature, and
> the chairs requested us to start a thread on this on the WG mailing list. Please see
> below for a description of this feature.
>
> http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie
> 11-for-dealing-with-fraudulent-digital-certificates.aspx

I think this is great stuff, but is it appropriate for trans? It doesn't
involve a public log at all (why not?) - perhaps better suited for the tls WG
meeting? Or are you considering aligning with the goals of the trans WG?
___
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey