IRTF or IETF? Do we build on existing legacy proposals or write new stuff?
I think there are two separate or at least separable pieces of infrastructure needed. One is a transparent timestamp notary infrastructure and the other is transparency mechanisms that make use of said notary infrastructure. The need to revisit the first comes from the expiry of the Harber & Stornetta patents. I think we should have such a facility as a general Web facility. We can build an infrastructure that prevents defection without collusion by every notary and archive using existing technology. Applying the mechanisms to TLS might be done at different levels with different deployment impacts. Deploying in EE certs is much harder than deploying in cert signing certs. But the latter would provide most of the benefit by blocking MITM certs. I am looking at SMTP and the approach is very obviously research at this point.
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
