Re: [Trans] Future work

Rob Stradling <rob.stradling@comodo.com> Thu, 17 August 2017 10:45 UTC

To: Melinda Shore <melinda.shore@gmail.com>, "trans@ietf.org" <trans@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/tB8YhAapz_6RN9MJVMKlRCR9HK0>

On 16/08/17 20:25, Melinda Shore wrote:
<snip>
> So, we're looking for feedback on future work, and particularly
> on whether or not there are people working on drafts relevant to
> this working group, or people with plans to work on drafts.

Hi Melinda.

I've started work on a draft entitled Private Key Compromise 
Transparency (PKCT).  The idea is to enable anyone who finds a 
compromised private key to submit a "proof of compromise" to one or more 
public log(s).  It'll build on top of 6962-bis, defining a new 
VersionedTransType value, etc.

Providers of certificate revocation services (CAs and browser vendors) 
will be able to monitor these PKCT logs and take appropriate action. 
Since the "proofs of compromise" will be programmatically verifiable, it 
will become possible to automate existing, error-prone, manual processes 
(e.g., see [1]).


[1] 
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
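
One way a log or monitor could check a "proof of compromise" programmatically, as an added example that is not part of the original message or of the PKCT draft. The proof format (a dict carrying n, e, p, q), the function name and the toy RSA key are assumptions constructed for illustration.

```python
import math

def verify_proof_of_compromise(cert_n, cert_e, proof):
    """Check a claimed RSA key compromise against a certificate's public key.

    `proof` is a hypothetical submission format: a dict with n, e, p, q.
    Returns (accepted, reason).
    """
    # Matching public fields alone prove nothing: anyone can copy them
    # out of the certificate.
    if (proof.get("n"), proof.get("e")) != (cert_n, cert_e):
        return False, "public key does not match certificate"
    p, q = proof.get("p"), proof.get("q")
    if not (isinstance(p, int) and isinstance(q, int)):
        return False, "missing prime factors"
    # Reject the trivial factorisation 1 * n and anything that is not n.
    if p <= 1 or q <= 1 or p * q != cert_n:
        return False, "p*q does not equal the certificate modulus"
    # Derive the private exponent ourselves instead of trusting a
    # submitted d, then prove it works with a sign/verify round trip.
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if math.gcd(cert_e, lam) != 1:
        return False, "public exponent not invertible for these factors"
    d = pow(cert_e, -1, lam)
    challenge = 65 % cert_n  # constructed test message
    signature = pow(challenge, d, cert_n)
    if pow(signature, cert_e, cert_n) != challenge:
        return False, "signature round trip failed"
    return True, "private key corresponds to certificate"

# Constructed toy certificate key (n = 61 * 53); real keys are 2048+ bits.
CERT_N, CERT_E = 3233, 17
GENUINE = {"n": 3233, "e": 17, "p": 61, "q": 53}
# Public fields copied from the certificate, private fields made up.
FAKE = {"n": 3233, "e": 17, "p": 59, "q": 55}

if __name__ == "__main__":
    for name, proof in (("genuine", GENUINE), ("fake", FAKE)):
        print(name, verify_proof_of_compromise(CERT_N, CERT_E, proof))
```

A submission whose public fields match the certificate but whose private fields are invented is rejected, which is the check a manual comparison of public values misses.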