Not sure if this will jumpstart discussion or not, but I thought I'd post the list of ideas I know of, just to make sure I'm aware of what everyone else has spinning around in their heads:

- Certificate Authority Transparency and Auditability by Ben Laurie & Adam Langley
  http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf
  http://www.links.org/?p=1212
  http://www.imperialviolet.org/2011/11/29/certtransparency.html
- Sovereign Keys by the EFF
  https://www.eff.org/sovereign-keys
- Convergence by Moxie
  http://convergence.io/
- CA T&A proofs as cert extensions by Brad Hill
  http://www.ietf.org/mail-archive/web/pkix/current/msg30146.html

There's the CA/B Forum, which just released a draft of requirements for Certificate Authorities effective July 1, 2012. This is notable if only because it has buy-in from CAs.
  http://www.cabforum.org/

And there are some older projects that predate this past summer that are relevant:

- Monkeysphere
  http://web.monkeysphere.info/
- Cert Patrol
  https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
- Perspectives
  http://perspectives-project.org/

And there are some partially-connected things in the works:

- Key Pinning in HTTP, working its way through the websec working group:
  http://tools.ietf.org/html/draft-ietf-websec-key-pinning-01
- Key Pinning in TLS by Moxie:
  https://github.com/moxie0/Convergence/wiki/TACK
- DANE for cert assertions via DNSSEC

If anyone else has more items for a reading list, please send them on.

-tom
_______________________________________________
therightkey mailing list
https://www.ietf.org/mailman/listinfo/therightkey
