Hello,
<hat="individual">
This is only FYI, but possibly noteworthy:
recently I came across two other articles aiming at making TLS/SSL more
secure:

1. a draft from Ben Laurie and Adam Langley "Certificate Authority
Transparency and Auditability"
www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf

2. and another proposal from EFF on "Sovereign Keys: A Proposal to Make
HTTPS and Email More Secure"
https://www.eff.org/deeplinks/2011/11/sovereign-keys-proposal-make-https-and-email-more-secure

To oversimplify, both add some kind of certificate log stored at other
sources - though differently.

From my perspective this does not conflict with but could complement
the current pinning and HSTS approach.

Best regards,
Tobias
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec