The list is replicated but not centralized per se. There is only one content. Larger servers could maintain their own copy of the replicated list for their own usage.
As to the utility of the enhancement, MITM attachments/attacks are precluded by strong authentication of both the server and the client. The specific technical problem addressed is the ability of both parties to reliably obtain client public keys during TLS negotiation.

From: Phillip Hallam-Baker [mailto:[email protected]]
Sent: Wednesday, September 11, 2013 12:16
To: Paul Wouters
Cc: Karl Malbrain; [email protected]
Subject: Re: [perpass] FW: proposed enhancement to TLS strong authentication protocol

On Wed, Sep 11, 2013 at 2:51 PM, Paul Wouters <[email protected]> wrote:

On Wed, 11 Sep 2013, Karl Malbrain wrote:

From: Karl Malbrain
Sent: Wednesday, September 11, 2013 11:43
To: 'Theodore Ts'o'
Subject: RE: [perpass] proposed enhancement to TLS strong authentication protocol

It's a WORM list. Users post requests to the list maintainers they trust with a GUID to register their public key, and then send this GUID as part of the TLS negotiation process.

Seems to me to be basically like an unscalable central version of the TLSA record?

https://tools.ietf.org/html/rfc6698

I think it can be decentralized and have been working on an architecture to do that for email security.

But it does not really help much for authentication to random Web sites or for enterprise use either.

--
Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
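As an added illustration (not code from the thread or from any of its authors), a minimal model of the write-once registry Karl sketches: a GUID is bound to a public-key fingerprint exactly once, a later attempt to rebind the same GUID is refused, and the relying party checks the key it sees during the handshake against the registered fingerprint. The key bytes and the GUID are constructed placeholders; the fingerprint is a SHA-256 over the raw key bytes, the same matching style TLSA (RFC 6698) uses for its SHA-256 association form.

```python
import hashlib
import hmac
import uuid
from typing import Dict


class WormKeyRegistry:
    """Write-once, read-many map from GUID -> public-key fingerprint.

    Models the registry described in the thread: an entry, once posted,
    is never modified or removed, so a later 'register' for the same GUID
    cannot silently swap in a different key.
    """

    def __init__(self) -> None:
        self._entries: Dict[str, str] = {}

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        # SHA-256 over the raw key bytes (TLSA-style SHA-256 matching).
        return hashlib.sha256(public_key).hexdigest()

    def register(self, guid: str, public_key: bytes) -> bool:
        """Return True if the GUID was newly bound, False if already taken."""
        if guid in self._entries:
            return False
        self._entries[guid] = self.fingerprint(public_key)
        return True

    def verify(self, guid: str, presented_key: bytes) -> bool:
        """Check the key offered in the handshake against the registry."""
        expected = self._entries.get(guid)
        if expected is None:
            return False  # unknown GUID: nothing to authenticate against
        return hmac.compare_digest(expected, self.fingerprint(presented_key))


def demo() -> Dict[str, bool]:
    reg = WormKeyRegistry()
    guid = str(uuid.UUID(int=0x1234))            # constructed identifier
    client_key = b"-----constructed client key A-----"
    other_key = b"-----constructed substitute key-----"
    first = reg.register(guid, client_key)
    second = reg.register(guid, other_key)       # attempted overwrite
    return {
        "first_registration": first,
        "rebind_refused": not second,
        "genuine_key_accepted": reg.verify(guid, client_key),
        "substitute_key_rejected": not reg.verify(guid, other_key),
        "unknown_guid_rejected": not reg.verify("no-such-guid", client_key),
    }
```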
