On 28/11/11 08:00 AM, Ben Laurie wrote:
> Given the recent discussion on Sovereign Keys I thought people might
> be interested in a related, but less ambitious, idea Adam Langley and
> I have been kicking around:
> http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf.
I found this rather difficult to understand; it seemed bottom-up, not
top-down. If one strips away the techno stuff, it seems to me to reduce
to this:
1. all valid certificates are to be published into a publicly
viewable reliable log.
2. a subscriber has the responsibility of identifying improper
certificates in that log.
3. the existence of a certificate in the log is acceptable proof of
goodness for a browser.
Is that it, in minimalist form?
In analogous terms, is this like having the browser check EFF's
repository for a second opinion? Or, like OCSP but expanding the
servers to cover all certs from all CAs, and test on the certificates
not the serial numbers?
iang
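The three-step summary above can be shown as working code: a small append-only Merkle log whose published head commits the operator to every entry, an inclusion proof that lets a browser confirm "this certificate is in the log" (point 3), and a scan a domain owner runs to spot certificates issued in its name that it never requested (point 2). This is an added illustration, not code from the paper or from either author; the log entries are constructed strings standing in for DER certificates, and the 0x00/0x01 hash prefixes follow the convention later standardised in RFC 6962.

```python
import hashlib
# Constructed sample log entries standing in for DER certificates (not real certs).
LOG = [
    b"CN=example.com,O=Example,serial=1001,CA=CA-A",
    b"CN=mail.example.com,O=Example,serial=1002,CA=CA-A",
    b"CN=shop.example.net,O=Shop,serial=2001,CA=CA-B",
    b"CN=example.com,O=NotExample,serial=3001,CA=CA-C",  # never requested by example.com
    b"CN=bank.example.org,O=Bank,serial=4001,CA=CA-B",
]

def leaf_hash(cert: bytes) -> bytes:
    # 0x00 / 0x01 prefixes keep leaves and interior nodes in separate hash domains.
    return hashlib.sha256(b"\x00" + cert).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n: int) -> int:
    # Largest power of two strictly less than n: the left subtree size.
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(leaves: list) -> bytes:
    """Tree head over ordered leaf hashes; publishing it commits the log to every entry."""
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def audit_path(leaves: list, index: int) -> list:
    """(sibling_hash, sibling_is_left) pairs needed to rebuild the head from leaves[index]."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return audit_path(leaves[:k], index) + [(merkle_root(leaves[k:]), False)]
    return audit_path(leaves[k:], index - k) + [(merkle_root(leaves[:k]), True)]

def verify_inclusion(cert: bytes, path: list, head: bytes) -> bool:
    """Browser-side check (point 3): the cert is in the log iff the path reaches the head."""
    h = leaf_hash(cert)
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == head

def entries_naming(log: list, cn: bytes) -> list:
    """Subscriber-side check (point 2): indexes of every logged cert claiming this name."""
    return [i for i, cert in enumerate(log) if cert.startswith(b"CN=" + cn + b",")]
```

Build `leaves = [leaf_hash(c) for c in LOG]` and `head = merkle_root(leaves)`; `verify_inclusion(LOG[3], audit_path(leaves, 3), head)` is true because the rogue entry was logged, which is exactly what lets `entries_naming(LOG, b"example.com")` surface it as index 3 for the domain owner to challenge.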
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography