A proposal to improve PKI, OCSP, CAs.
Version 1
21 October 2011
Kai Engert
kaie@kuix.de - kaie@redhat.com
Abstract: We need solutions for compromised CA authorities, the OCSP privacy issue, the CRL bandwidth issue, the OCSP stapling limitations. Recent proposals for improvement suggested secondary authorities, being potentially secondary points of failure. This proposal asks that CAs take over responsibility and provide mutual notary services, because CAs are the ones who receive monetary benefits. The proposal is to introduce VAs - Vouching Autorities.
Read the details, html format or pdf format.
High-Level slides: html format or pdf format
For follow up discussion, please see my announcement post in the public newsgroup mozilla.dev.tech.crypto