Re: [Trans] [therightkey] Dealing with fraudulent certificates via certificate reputation

Ben Laurie <benl@google.com> Wed, 26 February 2014 13:34 UTC

In-Reply-To: <873b20cac6834d9cb347dee1e131dad2@BL2PR03MB467.namprd03.prod.outlook.com>
References: <873b20cac6834d9cb347dee1e131dad2@BL2PR03MB467.namprd03.prod.outlook.com>
Message-ID: <CABrd9SQRQVH2YuoWzQDqFj6YvxjHuUJfDF30fUTANXy-d4tTYQ@mail.gmail.com>
To: Anoosh Saboori <ansaboor@microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/DZ3eLSKPqGizYj93oxUGi-Zh0KY
Cc: Anthony Nadalin <tonynad@microsoft.com>, "therightkey@ietf.org" <therightkey@ietf.org>, "trans@ietf.org" <trans@ietf.org>, Melinda Shore <melinda.shore@gmail.com>, Nelly Porter <nellyp@exchange.microsoft.com>, Magnus Nystrom <mnystrom@microsoft.com>

On 25 February 2014 02:01, Anoosh Saboori <ansaboor@microsoft.com> wrote:
> Hello,
>
> We would like to introduce certificate reputation, which was shipped as part of IE 11. This feature aims to address some of the issues with Web PKI that were raised by the DigiNotar and Comodo incidents. We asked to take a few minutes at the trans WG meeting in the next IETF meeting to present this feature, and the chairs requested us to start a thread on this on the WG mailing list. Please see below for a description of this feature.
>
> http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie11-for-dealing-with-fraudulent-digital-certificates.aspx

I think this is great stuff, but is it appropriate for trans? It
doesn't involve a public log at all (why not?) - perhaps better suited
for the tls WG meeting? Or are you considering aligning with the goals
of the trans WG?