[cryptography] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication

Peter Eckersley pde-lists at eff.org
Mon Nov 28 21:23:44 EST 2011


On Sat, Nov 26, 2011 at 11:36:11PM +1100, ianG wrote:
> As far as I can see, this is a third party repository for the keys.
> Which claims to reliably deliver the keys on request?

Approximately yes, with a couple of additional notes:

- it isn't one third party, but a cooperating group of third parties.  So long
  as one of the third parties performs its role correctly, keys cannot be
  removed from the repository.

- the keys it distributes aren't the operational keys you would use on your
  servers, but rather an offline key that you should cross-sign your
  operational keys with.  So if your webserver gets hacked, you don't need to
  go to the trouble of revoking/reissuing your Sovereign Key.

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
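
The two points in the reply above, as an added sketch that is not part of the original message and is not EFF's code or the Sovereign Keys wire format. It assumes Ed25519 signatures; the Repo type, the function names and the example.org entry are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Repo is one third party's copy of the name -> Sovereign Key table (hypothetical model).
type Repo map[string]ed25519.PublicKey

// Lookup succeeds if any party still holds the entry, so parties that
// dropped it cannot make the key disappear. Substitution is not modelled.
func Lookup(repos []Repo, name string) (ed25519.PublicKey, bool) {
	for _, r := range repos {
		if k, ok := r[name]; ok {
			return k, true
		}
	}
	return nil, false
}

// CrossSign runs offline: the Sovereign Key endorses an operational public key.
func CrossSign(sovereign ed25519.PrivateKey, operational ed25519.PublicKey) []byte {
	return ed25519.Sign(sovereign, operational)
}

// Accept is the client check on the operational key a server presents.
func Accept(repos []Repo, name string, operational ed25519.PublicKey, sig []byte) bool {
	sov, ok := Lookup(repos, name)
	return ok && ed25519.Verify(sov, operational, sig)
}

// Demo returns whether the original, the rotated and an attacker's key are accepted.
func Demo() (original, rotated, forged bool) {
	sovPub, sovPriv, _ := ed25519.GenerateKey(nil)   // kept offline
	repos := []Repo{{}, {"example.org": sovPub}, {}} // two parties dropped the entry
	op1Pub, op1Priv, _ := ed25519.GenerateKey(nil)   // lives on the web server
	original = Accept(repos, "example.org", op1Pub, CrossSign(sovPriv, op1Pub))
	// Web server hacked: op1Priv is stolen. Rotate without touching the repositories.
	op2Pub, _, _ := ed25519.GenerateKey(nil)
	rotated = Accept(repos, "example.org", op2Pub, CrossSign(sovPriv, op2Pub))
	// The thief can only sign with the stolen operational key, not the offline one.
	evilPub, _, _ := ed25519.GenerateKey(nil)
	forged = Accept(repos, "example.org", evilPub, ed25519.Sign(op1Priv, evilPub))
	return
}

func main() {
	fmt.Println(Demo())
}
```

Retiring the stolen operational key is outside this sketch; it only shows that the repository entry stays the same across the rotation.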


