From: Karl Malbrain 
Sent: Wednesday, September 11, 2013 11:43
To: 'Theodore Ts'o'
Subject: RE: [perpass] proposed enhancement to TLS strong authentication protocol

It's a WORM list.  Users post requests to the list maintainers they trust with 
a GUID to register their public key, and then send this GUID as part of the TLS 
negotiation process.  

-----Original Message-----
From: Theodore Ts'o [mailto:[email protected]]
Sent: Wednesday, September 11, 2013 11:39
To: Karl Malbrain
Cc: [email protected]
Subject: Re: [perpass] proposed enhancement to TLS strong authentication protocol

On Wed, Sep 11, 2013 at 05:31:52PM +0000, Karl Malbrain wrote: 
>Rather than have each TLS server receive user public certificates 
>individually for strong authentication, implement a global user public 
>certificate list hosted internationally that supplies user public 
>certificates to TLS hosts and clients. The list would be read-only, 
>indexed by GUID, and hosted at multiple international sites. Both TLS 
>servers and clients could then reliably obtain public certificates by 
>GUID for use in strong authentication challenges per the TLS protocol.

And how would this global public certificate directory be securely updated?  If
you simply accept valid certificates, then it doesn't solve the
rogue/compromised CA problem.

                                                - Ted
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
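As an added illustration of the design under discussion (not code from either participant or from any IETF work): a small model of the write-once list as a hash-chained, maintainer-signed append-only log, the GUID lookup a TLS peer would perform, and the challenge check that follows. Ed25519 for both the maintainer and user keys, the GUID strings, the nonce and the hash-chain layout are all assumptions made here; the thread specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Entry is one write-once record: a GUID bound to a user's public key,
// hash-chained to the previous entry and signed by a list maintainer.
type Entry struct {
	GUID   string
	PubKey ed25519.PublicKey
	Prev   [32]byte // hash of the previous entry; zero for the first
	Hash   [32]byte // sha256(GUID || PubKey || Prev)
	Sig    []byte   // maintainer signature over Hash
}

// Registry models the WORM list: entries are appended, never edited or removed.
type Registry struct {
	entries []Entry
	index   map[string]int
}

func NewRegistry() *Registry { return &Registry{index: map[string]int{}} }

// GenKey returns an Ed25519 key pair (assumed algorithm; the thread names none).
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func entryHash(guid string, pub ed25519.PublicKey, prev [32]byte) [32]byte {
	h := sha256.New()
	h.Write([]byte(guid))
	h.Write(pub)
	h.Write(prev[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Register appends a GUID->key binding signed by the maintainer the user trusts.
// A second registration of the same GUID is refused: that is the write-once
// rule, so a later (possibly rogue) submission cannot replace a listed key.
func (r *Registry) Register(guid string, pub ed25519.PublicKey, maintainer ed25519.PrivateKey) error {
	if _, dup := r.index[guid]; dup {
		return errors.New("GUID already registered; list is write-once")
	}
	var prev [32]byte
	if n := len(r.entries); n > 0 {
		prev = r.entries[n-1].Hash
	}
	e := Entry{GUID: guid, PubKey: pub, Prev: prev}
	e.Hash = entryHash(guid, pub, prev)
	e.Sig = ed25519.Sign(maintainer, e.Hash[:])
	r.index[guid] = len(r.entries)
	r.entries = append(r.entries, e)
	return nil
}

// Lookup is what a TLS server or client does with a GUID received in negotiation.
func (r *Registry) Lookup(guid string) (ed25519.PublicKey, bool) {
	if i, ok := r.index[guid]; ok {
		return r.entries[i].PubKey, true
	}
	return nil, false
}

// Verify lets a mirror check that its copy is an unbroken chain of maintainer-signed entries.
func (r *Registry) Verify(maintainerPub ed25519.PublicKey) error {
	var prev [32]byte
	for i, e := range r.entries {
		if e.Prev != prev || e.Hash != entryHash(e.GUID, e.PubKey, e.Prev) {
			return fmt.Errorf("entry %d: hash chain broken", i)
		}
		if !ed25519.Verify(maintainerPub, e.Hash[:], e.Sig) {
			return fmt.Errorf("entry %d: bad maintainer signature", i)
		}
		prev = e.Hash
	}
	return nil
}

// SignNonce is the client's side of the challenge: prove possession of the key registered under its GUID.
func SignNonce(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Authenticate is the server's side: fetch the key by GUID and check the signature over
// a server-chosen nonce. A stand-in for the TLS CertificateVerify step, not real TLS.
func Authenticate(r *Registry, guid string, nonce, sig []byte) bool {
	pub, ok := r.Lookup(guid)
	return ok && ed25519.Verify(pub, nonce, sig)
}

func main() {
	mpub, mpriv := GenKey() // list maintainer
	upub, upriv := GenKey() // user registering "guid-alice" (constructed GUID)
	r := NewRegistry()
	fmt.Println("register:", r.Register("guid-alice", upub, mpriv))
	fmt.Println("re-register:", r.Register("guid-alice", mpub, mpriv))
	fmt.Println("mirror verify:", r.Verify(mpub))
	nonce := []byte("constructed server nonce")
	fmt.Println("auth:", Authenticate(r, "guid-alice", nonce, SignNonce(upriv, nonce)))
}
```

Verify only establishes that a mirror's copy matches what the maintainer signed; it says nothing about whether the maintainer should have accepted a given registration in the first place, which is the update question raised in the reply above.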
