[cryptography] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication

Peter Eckersley pde-lists at eff.org
Mon Nov 28 21:24:56 EST 2011

On Sat, Nov 26, 2011 at 10:43:08PM +0000, Adam Back wrote:
> I only skimmed the high level but I presume they would be using a merkle
> hash-tree and time-stamp server or something like that so it cant revise its
> story later and its current state can be audited by anyone against its
> advertised information.

The design includes an append-only data structure ("can't revise its story
later"), though it doesn't use Merkle trees or hash lists.  Each entry
contains a serial number and a time stamp, and is signed by the timeline
server that wrote it.  Trying to change the past entry with serial number N,
or produce an entry with a lower timestamp than the previous one, therefore
creates signed, remotely verifiable evidence that one of the timeline servers
has violated its append-only property.

The data structure can be audited for internal consistency by anyone who wants
to download an entire copy of it (which is what the "mirrors" in the protocol
do, although they also exist for scalability and robustness).  Clients cache
the portions of the data structure that they work with and look for
contradictions to their cached records, which is a decentralized method for
auditing against the existence of multiple different (signed, intenally
consistent) versions of the data structure on different mirrors.

If a contradiction in the data structure is discovered by any client or
mirror, the evidence is published automaticaly within the protocol, which
would cause that timeline server to drop out of the data structure.

Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the cryptography mailing list