[cryptography] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication
pde-lists at eff.org
Mon Nov 28 21:23:44 EST 2011
On Sat, Nov 26, 2011 at 11:36:11PM +1100, ianG wrote:
> As far as I can see, this is a third party repository for the keys.
> Which claims to reliably deliver the keys on request?
Approximately yes, with a couple of additional notes:
- it isn't one third party, but a cooperating group of third parties. So long
  as one of the third parties performs its role correctly, keys cannot be
  removed from the repository
- the keys it distributes aren't the operational keys you would use on your
  servers, but rather an offline key that you should cross-sign your
  operational keys with. So if your webserver gets hacked, you don't need to
  go to the trouble of revoking/reissuing your Sovereign Key.
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993