On 16/08/17 20:25, Melinda Shore wrote:
<snip>
> So, we're looking for feedback on future work, and particularly
> on whether or not there are people working on drafts relevant to
> this working group, or people with plans to work on drafts.

Hi Melinda.

I've started work on a draft entitled Private Key Compromise
Transparency (PKCT). The idea is to enable anyone who finds a
compromised private key to submit a "proof of compromise" to one or more
public log(s). It'll build on top of 6962-bis, defining a new
VersionedTransType value, etc.

Providers of certificate revocation services (CAs and browser vendors)
will be able to monitor these PKCT logs and take appropriate action.

Since the "proofs of compromise" will be programmatically verifiable, it
will become possible to automate existing, error-prone, manual processes
(e.g., see [1]).

[1] https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
Trans mailing list
Trans@ietf.org
https://www.ietf.org/mailman/listinfo/trans