Thank you, Ben. In the blog, there are a few suggestions around how site owners can be notified when changes to their certificates are detected. This technically allows the site owner to be in full control of decision making with respect to "his" certificates and decide whether newly reported certificates are fraudulent or not. This solution has some interesting privacy-preserving properties to it that we would like to present at the WG meeting. You are right that the goal of this proposal is not to provide public logs.

-----Original Message-----
From: Ben Laurie [mailto:[email protected]]
Sent: Wednesday, February 26, 2014 5:35 AM
To: Anoosh Saboori
Cc: Melinda Shore; [email protected]; Magnus Nystrom; Anthony Nadalin; [email protected]; Nelly Porter
Subject: Re: [therightkey] Dealing with fraudulent certificates via certificate reputation

On 25 February 2014 02:01, Anoosh Saboori <[email protected]> wrote:
> Hello,
>
> We would like to introduce certificate reputation, which was shipped as part
> of IE 11. This feature aims to address some of the issues with Web PKI that
> were raised by the DigiNotar and Comodo incidents. We asked to take a few minutes
> at the trans WG meeting in the next IETF meeting to present this feature, and
> the chairs requested us to start a thread on this in the WG mailing list. Please see
> below for a description of this feature.
>
> http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie11-for-dealing-with-fraudulent-digital-certificates.aspx

I think this is great stuff, but is it appropriate for trans? It doesn't involve a public log at all (why not?) - perhaps better suited for the tls WG meeting? Or are you considering aligning with the goals of the trans WG?
