On Tue, Dec 6, 2011 at 10:48 AM, Florian Weimer <[email protected]> wrote: > * Ben Laurie: > >> Given the recent discussion on Sovereign Keys I thought people might >> be interested in a related, but less ambitious, idea Adam Langley and >> I have been kicking around: >> http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf. > > Why wouldn't the problem we have with CAs now resurface again with the > entity which maintains the log? And why is a new protocol needed? > Couldn't you just treat certificates from existing browser CAs as > signing requests for an uber-CA which issues traditional X.509 > certificates?
I don't know how to answer that without just regurgitating the document again. You have read it, right? > Viewed from another perspective, "The CA must publish a list of > certificates it has issued" is a perfectly auditable requirement (in > particular if you specify availability and format), so if this is what > we want, browser vendors could just make it a requirement for being on > the root list. However, this seems rather unrealistic at this point. > > Therefore, I have written a proposal for TLS extension which adds some > additional transparency regarding the certificates which are floating > around, without mandatory publication by the CAs or a third party. Our proposal does not require CAs or third parties to publish anything. > It > relies on the phenomenon that nowadays, we have a fair number of mobile > devices which migrate between networks with and without a clear path, > and sufficient local storage capacity to keep track of the certificates > they see. > > <http://tools.ietf.org/html/draft-weimer-tls-previous-certificate-00> > > I still think the concept is sound, and some discussion in this thread > (on TLS-intercepting proxies) makes it clear why the complexity of > sending the entire certificate chain is necessary. Interesting proposal: two comments immediately spring to mind: 1. You probably need to allow for sending more than one certificate chain. 2. What about server farms that have a different cert per machine? Or CDNs? _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
