[pkix] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication
=JeffH <Jeff.Hodges@KingsMountain.com> Tue, 22 November 2011 00:26 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D7701F0C67 for <pkix@ietfa.amsl.com>; Mon, 21 Nov 2011 16:26:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.636
X-Spam-Level:
X-Spam-Status: No, score=-98.636 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7pMJKgf7v2K for <pkix@ietfa.amsl.com>; Mon, 21 Nov 2011 16:26:19 -0800 (PST)
Received: from oproxy8-pub.bluehost.com (oproxy8.bluehost.com [IPv6:2605:dc00:100:2::a8]) by ietfa.amsl.com (Postfix) with SMTP id 74B631F0C4C for <pkix@ietf.org>; Mon, 21 Nov 2011 16:26:19 -0800 (PST)
Received: (qmail 26792 invoked by uid 0); 22 Nov 2011 00:26:16 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by oproxy8.bluehost.com with SMTP; 22 Nov 2011 00:26:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kingsmountain.com; s=default; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=uzS2ZYtI4uNx4X97vcF9Xh8twr0+AkSOHYaeWVBkR9w=; b=ehRrzLbgqD7uDqEmkqYa07oEfOyijf3nqfBPqdK7cXy0qsp4TyYud1nhXEJ2dOnmVjZ8tAXWiJ+tPSz7tWF7cnXMytlzbkwNa/H9Z0qjDrExU812KJdLagZeVJkvLYx5;
Received: from adsl-67-125-67-217.dsl.snfc21.pacbell.net ([67.125.67.217] helo=[192.168.12.109]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1RSeBk-0006yo-0v for pkix@ietf.org; Mon, 21 Nov 2011 17:26:16 -0700
Message-ID: <4ECAEC15.9000708@KingsMountain.com>
Date: Mon, 21 Nov 2011 16:25:57 -0800
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110921 Thunderbird/3.1.15
MIME-Version: 1.0
To: IETF PKIX WG <pkix@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 67.125.67.217 authed with jeff.hodges+kingsmountain.com}
Subject: [pkix] fyi: Sovereign Keys: an EFF proposal for more secure TLS authentication
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2011 00:26:24 -0000
Of possible interest... Subject: [SSL Observatory] Sovereign Keys: an EFF proposal for more secure TLS authentication From: Peter Eckersley <pde@eff.org> Date: Fri, 18 Nov 2011 14:31:42 -0800 To: observatory@eff.org For quite a while at EFF, we've been pondering different possible solutions to the structural insecurities that are present in PKIX (and, to a lesser but still quite significant extent, DNSSEC). This year, our thinking solidified around an idea for using append-only data structures to store keys. We are publishing this proposal for the first time today: https://eff.org/sovereign-keys On that page you can find links to a high level overview and detailed design docs. The design has a number of nice features, including very strong resistance to server impersonation attacks and automatic failover to secure routing methods (ideally, Tor hidden services) when server impersonation occurrs. It should be read as a long-term, moderately ambitious proposal. Even if the Internet community likes this design or something similar, less systematic solutions (various forms of pinning, Perspectives/Convergence, the Decentralized SSL Observatory) will certainly remain necessary and important for at least a number of years. -- Peter Eckersley pde@eff.org Technology Projects Director Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993
- [pkix] fyi: Sovereign Keys: an EFF proposal for m… =JeffH
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Phillip Hallam-Baker
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Carl Wallace
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Carl Wallace
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Miller, Timothy J.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Paul Hoffman
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Peter Gutmann
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Polk, William T.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Peter Gutmann
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Manger, James H
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Stephen Kent
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Stephen Kent
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Rob Stradling
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Adam Langley
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Stephen Kent
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Kemp, David P.
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Ben Laurie
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Michael StJohns
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Michael StJohns
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Phillip Hallam-Baker
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Martin Rex
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Santosh Chokhani
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Tom Ritter
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Santosh Chokhani
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Peter Gutmann
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Peter Gutmann
- Re: [pkix] fyi: Sovereign Keys: an EFF proposal f… Yoav Nir