[cryptography] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication

=JeffH Jeff.Hodges at KingsMountain.com
Fri Nov 25 14:41:21 EST 2011

Of possible interest...

Subject: [SSL Observatory] Sovereign Keys: an EFF proposal for more secure
	TLS authentication
From: Peter Eckersley <pde at eff.org>
Date: Fri, 18 Nov 2011 14:31:42 -0800
To: observatory at eff.org

For quite a while at EFF, we've been pondering different possible solutions to
the structural insecurities that are present in PKIX (and, to a lesser but
still quite significant extent, DNSSEC).

This year, our thinking solidified around an idea for using append-only data
structures to store keys.  We are publishing this proposal for the first time


On that page you can find links to a high level overview and detailed design
docs.  The design has a number of nice features, including very strong
resistance to server impersonation attacks and automatic failover to secure
routing methods (ideally, Tor hidden services) when server impersonation

It should be read as a long-term, moderately ambitious proposal.  Even if the
Internet community likes this design or something similar, less systematic
solutions (various forms of pinning, Perspectives/Convergence, the
Decentralized SSL Observatory) will certainly remain necessary and important
for at least a number of years.

Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the cryptography mailing list