On Wed, Sep 11, 2013 at 05:31:52PM +0000, Karl Malbrain wrote:
>Rather than have each TLS server receive user public certificates
>individually for strong authentication, implement a global user public
>certificate list hosted internationally that supplies user public
>certificates to TLS hosts and clients. The list would be read-only,
>indexed by GUID, and hosted at multiple international sites. Both TLS
>servers and clients could then reliably obtain public certificates by
>GUID for use in strong authentication challenges per the TLS protocol.
And how would this global public certificate directory be securely
updated? If you simply accept valid certificates, then it doesn't
solve the rogue/comrpomised CA problem.
- Ted
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
