Trust Assertions for Certificate Keys (TACK)

From: Noah Mendelsohn <nrm@arcanedomain.com>
Date: Thu, 24 May 2012 14:35:46 -0400
Message-ID: <4FBE7F82.3040604@arcanedomain.com>
To: "www-tag@w3.org" <www-tag@w3.org>
CC: Thomas Roessler <tlr@w3.org>

Possibly pertinent to TAG ACTION-710 [1] and to the TAG's overall interest 
in the integrity of the Certificate Authority system. See TACK (article at 
[2], IETF draft at [3]), a proposal for improving the integrity of the CA 
system. The abstract of the draft is:

"Abstract

This document defines TACK, a TLS Extension that enables a TLS server to 
assert the authenticity of its public key. A TACK contains a "TACK key" 
which is used to sign the public key from the TLS server's certificate. 
Hostnames can be "pinned" to a TACK key. TLS connections to a pinned 
hostname require the server to present a TACK containing the pinned key and 
a corresponding signature over the TLS server's public key."

Noah

[1] http://www.w3.org/2001/tag/group/track/actions/710
[2] https://threatpost.com/en_us/blogs/cryptographers-unveil-new-way-trust-certificates-052312
[3] http://tack.io/draft.html
Received on Thursday, 24 May 2012 18:36:27 GMT