The Electronic Frontier Foundation (EFF) has proposed an extension to the current Secure Sockets Layer (SSL) chain of trust that aims to improve the security of HTTPS and other secure communication protocols.
One of the major problems with the current Public Key Infrastructure (PKI) model is the lack of control over certificate authorities (CAs) and their subsidiaries.
The EFF's Sovereign Keys (SK) specification was designed to solve this problem by allowing domain owners to sign CA-issued certificates with their own private keys for additional authenticity. The SK model shrinks the number of attack points from hundreds of CAs to 30 or fewer servers where any compromise can be detected automatically.
The SK specification also is compatible with Domain Name System (DNS)-Based Authentication of Named Entities (DANE), a protocol used to associate certificates with domain names via DNSSEC, and can be used to cross-sign DANE keys to prevent DNS-based attacks.
"My feeling is that this migration would be unlikely to happen, as it requires the use of client technologies that Web browsers are disinclined to integrate, as well as commitments and mechanics that the operators of SSL Web sites are disinclined to make," says security researcher Moxie Marlinspike.
From IDG News Service
View Full Article
Abstracts Copyright © 2011 Information Inc. , Bethesda, Maryland, USA
No entries found