Vouching architecture
Twice a day, each server requests a current voucher from each CA and will use it for the next 24 hours
Client picks two acceptable candidate Vouching Authorities (either at random or based on region)
Clients request vouchers from servers as part of the SSL/TLS protocol handshake
Server certificate and voucher: From different CAs
Clients verify voucher signature and freshness
Clients compare own network view with voucher information
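
The client-side checks listed above, as an added sketch that is not part of the original slides. The voucher layout (VA name, host, issue time, certificate SHA-256) and all function names are assumptions, and HMAC-SHA256 stands in for the Vouching Authority's public-key signature so the example runs with the standard library only.

```python
import hashlib
import hmac
import json

MAX_AGE = 24 * 3600  # from the slide: a server uses a voucher for up to 24 hours

def _mac(key, body):
    # Stand-in for the VA's public-key signature (assumption, stdlib only).
    return hmac.new(key, body, hashlib.sha256).digest()

def make_voucher(va_name, va_key, host, cert_der, issued_at):
    """Constructed VA side: vouch for the certificate the VA saw for `host`."""
    body = json.dumps({"va": va_name, "host": host, "issued_at": issued_at,
                       "cert_sha256": hashlib.sha256(cert_der).hexdigest()},
                      sort_keys=True).encode()
    return {"body": body, "sig": _mac(va_key, body)}

def check_voucher(voucher, acceptable_vas, cert_issuer, host, seen_cert_der, now):
    """Client-side checks; returns "ok" or the reason the voucher is rejected."""
    body, sig = voucher.get("body"), voucher.get("sig")
    if not isinstance(body, bytes) or not isinstance(sig, bytes):
        return "malformed voucher"
    try:
        claims = json.loads(body)
        key = acceptable_vas[claims["va"]]  # only VAs the client picked
    except (KeyError, TypeError, ValueError):
        return "unknown VA or malformed voucher"
    # Signature first: nothing else in the voucher is trusted before this.
    if not hmac.compare_digest(_mac(key, body), sig):
        return "bad signature"
    # Server certificate and voucher must come from different CAs.
    if claims["va"] == cert_issuer:
        return "voucher and certificate come from the same CA"
    # Freshness: reject vouchers older than 24 hours or dated in the future.
    age = now - claims["issued_at"]
    if age < 0 or age > MAX_AGE:
        return "voucher not fresh"
    if claims["host"] != host:
        return "voucher is for another host"
    # Own network view: the certificate this client received in the handshake
    # must be the one the VA saw from its vantage point.
    if hashlib.sha256(seen_cert_der).hexdigest() != claims["cert_sha256"]:
        return "certificate seen by client differs from the vouched one"
    return "ok"
```
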