Of possible interest...
Subject: [SSL Observatory] Sovereign Keys: an EFF proposal for more secure TLS authentication
From: Peter Eckersley <p...@eff.org>
Date: Fri, 18 Nov 2011 14:31:42 -0800
To: observat...@eff.org

For quite a while at EFF, we've been pondering different possible solutions to the structural insecurities that are present in PKIX (and, to a lesser but still quite significant extent, DNSSEC).

This year, our thinking solidified around an idea for using append-only data structures to store keys. We are publishing this proposal for the first time today:

https://eff.org/sovereign-keys

On that page you can find links to a high level overview and detailed design docs.

The design has a number of nice features, including very strong resistance to server impersonation attacks and automatic failover to secure routing methods (ideally, Tor hidden services) when server impersonation occurs.

It should be read as a long-term, moderately ambitious proposal. Even if the Internet community likes this design or something similar, less systematic solutions (various forms of pinning, Perspectives/Convergence, the Decentralized SSL Observatory) will certainly remain necessary and important for at least a number of years.

--
Peter Eckersley                            p...@eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography