A proposal to improve PKI, OCSP, CAs.
Kai Engert
kaie@kuix.de - kaie@redhat.com
Abstract: We need solutions for compromised CAs, the OCSP privacy issue, the CRL bandwidth issue, and the limitations of OCSP stapling. Recent proposals for improvement suggested secondary authorities, which are potentially secondary points of failure. This proposal asks that CAs take over responsibility and provide mutual notary services, because CAs are the ones who receive monetary benefits. The proposal is to introduce VAs - Vouching Authorities.
Version 2, published 24 Feb 2012: html format or pdf format.
(updated to version 2.02 on 28 Feb 2012)
Architectural Diagram, v2, published 27 Feb 2012: svg format or pdf format.
For follow-up discussion, please use the IETF mailing list therightkey.
An incomplete set of high-level slides: html format or pdf format
Version 1, published 21 October 2011: html format or pdf format.