[Sovereign Keys] Design proposals for SK

Erik Tews erik at datenzone.de
Tue Feb 14 07:13:25 PST 2012


Hi

I have read and analyzed the design document, and I have some ideas on how
one could improve SK. I have uploaded them to:

https://github.com/eriktews/Sovereign-Keys/tree/ideas-from-erik-tews/issues

In a nutshell, I would like to hear comments about the following ideas:

signing-sk-data-on-master.txt - We could just sign the timeline data on
the timeline master server. Mirrors will not need to sign a response
anymore, making them more performant and secure, and less powerful.

using-dns-as-protocol.txt - If the data doesn't need to be processed by
a mirror server anymore, we can also use DNS as a distributed cache for
it, and solve the captive portal problem.

including-the-server-certificate-in-the-request.txt - This is more a
first thought than a change request: should we include the server
certificate in the request from the client? This makes it easier to
detect certificates from a compromised CA.

realtime-data-for-none-sk-names.txt - And the second question is, should
we extend SK so that it can be used as a kind of observatory and also
give some protection to sites not using SK.