[Trans] Dealing with fraudulent certificates via certificate reputation

Anoosh Saboori <ansaboor@microsoft.com> Tue, 25 February 2014 02:01 UTC

From: Anoosh Saboori <ansaboor@microsoft.com>
To: Melinda Shore <melinda.shore@gmail.com>, "trans@ietf.org" <trans@ietf.org>
Date: Tue, 25 Feb 2014 02:01:09 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/N2qUJXUtZjASHMjFQPr3nV1WlTw
Cc: Magnus Nystrom <mnystrom@microsoft.com>, Anthony Nadalin <tonynad@microsoft.com>, "therightkey@ietf.org" <therightkey@ietf.org>, Nelly Porter <nellyp@exchange.microsoft.com>
Subject: [Trans] Dealing with fraudulent certificates via certificate reputation

Hello,

We would like to introduce certificate reputation, which was shipped as part of IE 11. This feature aims to address some of the issues with Web PKI that were raised by the DigiNotar and Comodo incidents. We asked to take a few minutes at the trans WG meeting in the next IETF meeting to present this feature, and the chairs requested us to start a thread on this on the WG mailing list. Please see below for a description of this feature.

http://blogs.technet.com/b/pki/archive/2014/02/22/a-novel-method-in-ie11-for-dealing-with-fraudulent-digital-certificates.aspx 

Thank you,
Anoosh