2011-11-24

Sovereign Keys to strengthen Public Key Infrastructure

The Electronic Frontier Foundation (EFF) is proposing an extension to the current SSL chain of trust that aims to improve the security of HTTPS and other secure communication protocols.

EFF's "Sovereign Keys" (SK) specification is designed to put the control give domain owners control over the link between their domain names and their certificates after recent Certificate Authority (CA) compromises raised serious questions about the security of the entire Internet Public Key Infrastructure (PKI).

One of the main problems with the current PKI model is the lack of control over CAs and their subsidiaries. There are literally hundreds of organizations spread around the world that are allowed to issue certificates for any domain name and some of them are operated by governments that practice Internet surveillance and censorship.

Sovereign Keys was designed to solve this problem by allowing domain owners to sign CA-issued certificates with their own private keys for additional authenticity. These validated domain-certificate associations are kept on so-called timeline servers and are synchronized with mirrors that are queried by clients.

Source: Network World via ACM Tech News

No comments: