On 2011-11-26 05:41, =JeffH wrote:
Of possible interest...


Subject: [SSL Observatory] Sovereign Keys: an EFF proposal for more secure TLS authentication
From: Peter Eckersley <[email protected]>
Date: Fri, 18 Nov 2011 14:31:42 -0800
To: [email protected]

For quite a while at EFF, we've been pondering different possible solutions to
the structural insecurities that are present in PKIX (and, to a lesser but
still quite significant extent, DNSSEC).

This year, our thinking solidified around an idea for using append-only data
structures to store keys. We are publishing this proposal for the first time
today:

https://eff.org/sovereign-keys

On that page you can find links to a high-level overview and detailed design
docs. The design has a number of nice features, including very strong
resistance to server impersonation attacks and automatic failover to secure
routing methods (ideally, Tor hidden services) when server impersonation
occurs.

It should be read as a long-term, moderately ambitious proposal. Even if the
Internet community likes this design or something similar, less systematic
solutions (various forms of pinning, Perspectives/Convergence, the
Decentralized SSL Observatory) will certainly remain necessary and important
for at least a number of years.

This is an entirely sound proposal to fix the massive problems with the PKI infrastructure - and will therefore never attain EFF consensus, since there are too many parties with a vested interest in broken PKI.


_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
