[cryptography] Auditable CAs

ianG iang at iang.org
Wed Nov 30 13:23:01 EST 2011


On 28/11/11 08:00 AM, Ben Laurie wrote:
> Given the recent discussion on Sovereign Keys I thought people might
> be interested in a related, but less ambitious, idea Adam Langley and
> I have been kicking around:
> http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf.


I found this rather difficult to understand, it seemed bottom-up not 
top-down.  If one strips away the techno stuff, it seems to me to reduce 
to this:

1.  all valid certificates are to be published into a publically 
viewable reliable log.
2.  a subscriber has the responsibility of identifying improper 
certificates in that log.
3.  the existance of a certificate in the log is acceptable proof of 
goodness for a browser.

Is that it, in minimalist form?

In analogous terms, is this like having the browser check EFF's 
repository for a second opinion?  Or, like OCSP but expanding the 
servers to cover all certs from all CAs, and test on the certificates 
not the serial numbers?

iang



More information about the cryptography mailing list