[cryptography] Auditable CAs
iang at iang.org
Wed Nov 30 13:23:01 EST 2011
On 28/11/11 08:00 AM, Ben Laurie wrote:
> Given the recent discussion on Sovereign Keys I thought people might
> be interested in a related, but less ambitious, idea Adam Langley and
> I have been kicking around:

I found this rather difficult to understand; it seemed bottom-up, not
top-down. If one strips away the techno stuff, it seems to me to reduce
to:

1. all valid certificates are to be published into a publicly
   viewable reliable log.
2. a subscriber has the responsibility of identifying improper
   certificates in that log.
3. the existence of a certificate in the log is acceptable proof of
   goodness for a browser.

Is that it, in minimalist form?

In analogous terms, is this like having the browser check EFF's
repository for a second opinion? Or, like OCSP but expanding the
servers to cover all certs from all CAs, and test on the certificates
not the serial numbers?