Mutually Endorsing CA Infrastructure

• Don't treat Symptoms: Improve the PKI System

• Combine PKI with Web-Of-Trust / Notary ideas

• Each CA should run a dynamic Vouching Service

• Vouching for network visibility of:

• DNS information: Hostname <=> IP
• Certificate in use: IP/Port <=> Certificate
• Current Revocation information (OCSP)

• Vouching Service combines network information, current timestamp and adds a digital signature