Re: [therightkey] Dealing with fraudulent certificates via certificate reputation

2014-02-27 Thread Anoosh Saboori
Thank you, Ben. In the blog, there are a few suggestions around how site owners 
can be notified when changes to their certificates are detected. This 
technically allows the site owner to be in full control of decision making with 
respect to "his" certificates and decide whether newly reported certificates 
are fraudulent or not. This solution has some interesting privacy-preserving 
properties to it that we would like to present at the WG meeting. You are right 
that the goal of this proposal is not to provide public logs.

-Original Message-
From: Ben Laurie [mailto:b...@google.com] 
Sent: Wednesday, February 26, 2014 5:35 AM
To: Anoosh Saboori
Cc: Melinda Shore; tr...@ietf.org; Magnus Nystrom; Anthony Nadalin; 
therightkey@ietf.org; Nelly Porter
Subject: Re: [therightkey] Dealing with fraudulent certificates via certificate 
reputation

On 25 February 2014 02:01, Anoosh Saboori wrote:
> Hello,
>
> We would like to introduce certificate reputation, which was shipped as part 
> of IE 11. This feature aims to address some of the issues with Web PKI that 
> were raised by the DigiNotar and Comodo incidents. We asked to take a few 
> minutes on the trans WG meeting in the next IETF meeting to present this 
> feature and the chairs requested us to start a thread on this in the WG 
> mailing list. Please see below for a description of this feature.
>
> http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie11-for-dealing-with-fraudulent-digital-certificates.aspx

I think this is great stuff, but is it appropriate for trans? It doesn't 
involve a public log at all (why not?) - perhaps better suited for the tls WG 
meeting? Or are you considering aligning with the goals of the trans WG?
___
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey


[therightkey] Dealing with fraudulent certificates via certificate reputation

2014-02-24 Thread Anoosh Saboori
Hello,

We would like to introduce certificate reputation, which was shipped as part of 
IE 11. This feature aims to address some of the issues with Web PKI that were 
raised by the DigiNotar and Comodo incidents. We asked to take a few minutes on 
the trans WG meeting in the next IETF meeting to present this feature and the 
chairs requested us to start a thread on this in the WG mailing list. Please see 
below for a description of this feature.

http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie11-for-dealing-with-fraudulent-digital-certificates.aspx
 

Thank you,
Anoosh
