On 12/11/13, 8:55 AM, "Ben Laurie" <[email protected]> wrote:
>Who's in? Very cool concept Š very broad possible applications. Less interested in HTTPS/TLS, but many applications. Paul > >"Problem statement: many Internet protocols require a mapping between >some kind of identifier and some kind of key, for example, HTTPS, >SMTPS, IPSec, DNSSEC and OpenPGP. > >These protocols rely on either ad-hoc mappings, or on authorities >which attest to the mappings. > > >History shows that neither of these mechanisms is entirely >satisfactory. Ad-hoc mappings are difficult to discover and maintain, >and authorities make mistakes or are subverted. > > >Cryptographically verifiable logs can help to ameliorate the problems >by making it possible to discover and rectify errors before they can >cause harm. > > >These logs can also assist with other interesting problems, such as >how to assure end users that software they are running is, indeed, the >software they intend to run. > > >Work items: Specify a standards-track mechanism to apply verifiable >logs to HTTP/TLS (i.e. RFC 6962-bis). > > >Discuss mechanisms and techniques that allow cryptographically >verifiable logs to be deployed to improve the security of protocols >and software distribution. Where such mechanisms appear sufficiently >useful, the WG will re-charter to add relevant new work items." >_______________________________________________ >therightkey mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/therightkey _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
