[cryptography] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication
James A. Donald
jamesd at echeque.com
Fri Nov 25 18:42:08 EST 2011
On 2011-11-26 05:41, =JeffH wrote:
> Of possible interest...
> Subject: [SSL Observatory] Sovereign Keys: an EFF proposal for more secure
> TLS authentication
> From: Peter Eckersley <pde at eff.org>
> Date: Fri, 18 Nov 2011 14:31:42 -0800
> To: observatory at eff.org
> For quite a while at EFF, we've been pondering different possible solutions
> to the structural insecurities that are present in PKIX (and, to a lesser but
> still quite significant extent, DNSSEC).
> This year, our thinking solidified around an idea for using append-only
> structures to store keys. We are publishing this proposal for the first
> On that page you can find links to a high level overview and detailed
> docs. The design has a number of nice features, including very strong
> resistance to server impersonation attacks and automatic failover to secure
> routing methods (ideally, Tor hidden services) when server impersonation
> It should be read as a long-term, moderately ambitious proposal. Even if
> Internet community likes this design or something similar, less systematic
> solutions (various forms of pinning, Perspectives/Convergence, the
> Decentralized SSL Observatory) will certainly remain necessary and
> for at least a number of years.
This is an entirely sound proposal to fix the massive problems with the PKI
infrastructure - and will therefore never attain EFF consensus, since
there are too many parties with a vested interest in broken PKI.