Moxie Marlinspike Proposes New TACK Extension To TLS For Key Pinning
Trailrunner7 writes "Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate Keys, is a dynamically activated public key framework that enables a TLS server to assert the authenticity of its public key. According to an IETF draft submitted by researchers Moxie Marlinspike and Trevor Perrin, a TACK key is used to sign the public key from the TLS server's certificate. Clients can 'pin' a hostname to the TACK key, based on a user's visitation habits, without requiring sites to modify their existing certificate chains or limiting a site's ability to deploy or change certificate chains at any time. If the user later encounters a fraudulent certificate on a 'pinned' site, the browser will reject the session and send a warning to the user. 'Since TACK pins are based on TACK keys (instead of CA keys), trust in CAs is not required. Additionally, the TACK key may be used to revoke previous TACK signatures (or even itself) in order to handle the compromise of TLS or TACK private keys,' according to the draft."
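The summary describes the mechanism in the abstract; the following Go program is an added example (not code from the draft, from Marlinspike and Perrin, or from the submitter) that models it end to end: an operator's offline TACK key signs the hash of the live TLS public key, a client records the TACK key it sees for a hostname, the pin becomes enforced only after the same key is seen again on a later visit, an active pin causes a forged certificate (with or without an attacker's own TACK) to be rejected, and the `min_generation` counter lets the operator revoke earlier signatures. The field layout, the hash-then-ECDSA-P256 signing, and the activation rule (pin active for as long as the key has already been observed, capped at 30 days) are a simplified reading of the draft written for this example; the hostnames, key material and certificate bytes are constructed, and `Client`, `Pin`, `Connect` and `Scenario` are names chosen here, not the draft's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Tack is a simplified model of the draft's structure: the TACK signing key,
// two generation counters for revocation, an expiry, and a signature binding
// all of that to the hash of the server's TLS public key.
type Tack struct {
	Key           *ecdsa.PublicKey
	MinGeneration uint8     // generations below this are revoked
	Generation    uint8
	Expiration    time.Time
	TargetHash    [32]byte // SHA-256 of the TLS certificate's public key
	Sig           []byte   // ASN.1 ECDSA-P256 signature over the fields above
}

var (
	ErrBadTack     = errors.New("TACK signature, target hash, expiry or generation invalid")
	ErrPinMismatch = errors.New("active pin: server did not present the pinned TACK key")
	ErrRevoked     = errors.New("active pin: TACK generation below pinned min_generation")
)

const maxPinLife = 30 * 24 * time.Hour // cap on how far ahead a pin may be activated

func keyBytes(pub *ecdsa.PublicKey) []byte { return elliptic.Marshal(elliptic.P256(), pub.X, pub.Y) }

// KeyID identifies a TACK key by the hash of its encoding; pins store this, not a CA key.
func KeyID(pub *ecdsa.PublicKey) [32]byte { return sha256.Sum256(keyBytes(pub)) }

// digest is what the TACK key signs: every field except the signature itself.
func (t *Tack) digest() []byte {
	var exp [8]byte
	binary.BigEndian.PutUint64(exp[:], uint64(t.Expiration.Unix()))
	h := sha256.New()
	h.Write(keyBytes(t.Key))
	h.Write([]byte{t.MinGeneration, t.Generation})
	h.Write(exp[:])
	h.Write(t.TargetHash[:])
	return h.Sum(nil)
}

// Sign is the operator's step: the offline TACK key signs the hash of the key
// in the live certificate, so the certificate chain itself is untouched.
func Sign(priv *ecdsa.PrivateKey, tlsPub []byte, minGen, gen uint8, exp time.Time) (*Tack, error) {
	t := &Tack{Key: &priv.PublicKey, MinGeneration: minGen, Generation: gen,
		Expiration: exp, TargetHash: sha256.Sum256(tlsPub)}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, t.digest())
	if err != nil {
		return nil, err
	}
	t.Sig = sig
	return t, nil
}

// Valid checks a TACK on its own, before any pin is consulted.
func (t *Tack) Valid(tlsPub []byte, now time.Time) error {
	if t.TargetHash != sha256.Sum256(tlsPub) || !now.Before(t.Expiration) ||
		t.Generation < t.MinGeneration || !ecdsa.VerifyASN1(t.Key, t.digest(), t.Sig) {
		return ErrBadTack
	}
	return nil
}

// Pin records a hostname's TACK key and how long the client will insist on it.
type Pin struct {
	KeyID   [32]byte
	Initial time.Time // first time this key was seen for the host
	End     time.Time // the pin is enforced while now < End
	MinGen  uint8     // highest min_generation seen; lower generations are rejected
}

type Client struct {
	Pins map[string]*Pin
	Now  func() time.Time // injectable clock so Scenario is deterministic
}

// Connect models the client side of a handshake with host, which presented
// tlsPub and optionally a TACK: enforce an active pin, then update the store.
func (c *Client) Connect(host string, tlsPub []byte, tack *Tack) error {
	now := c.Now()
	if tack != nil {
		if err := tack.Valid(tlsPub, now); err != nil {
			return err
		}
	}
	pin, seen := c.Pins[host]
	if seen && now.Before(pin.End) { // active pin: the pinned TACK key must be presented
		if tack == nil || KeyID(tack.Key) != pin.KeyID {
			return ErrPinMismatch
		}
		if tack.Generation < pin.MinGen {
			return ErrRevoked
		}
	}
	if tack == nil {
		return nil // no pin in force and no TACK offered: ordinary CA-validated TLS
	}
	id := KeyID(tack.Key)
	if seen && pin.KeyID == id {
		// Repeat visit: activate for as long as the key has already been seen (capped),
		// so enforcement grows out of the user's own visitation history.
		life := now.Sub(pin.Initial)
		if life > maxPinLife {
			life = maxPinLife
		}
		pin.End = now.Add(life)
		if tack.MinGeneration > pin.MinGen {
			pin.MinGen = tack.MinGeneration // ratchet: earlier generations are now revoked
		}
	} else {
		// First sighting (or an inactive pin for a different key): record, enforce nothing yet.
		c.Pins[host] = &Pin{KeyID: id, Initial: now, End: now, MinGen: tack.MinGeneration}
	}
	return nil
}

// Scenario walks one host through pin creation, activation, two forged
// certificates and a generation-based revocation (all inputs constructed).
func Scenario() []error {
	tackKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tlsPub := []byte("constructed: example.com TLS public key v1")
	tlsPub2 := []byte("constructed: example.com TLS public key v2")
	fakePub := []byte("constructed: fraudulently issued certificate key")
	t0 := time.Date(2012, 5, 1, 0, 0, 0, 0, time.UTC)
	clock := t0
	c := &Client{Pins: map[string]*Pin{}, Now: func() time.Time { return clock }}
	exp := t0.Add(90 * 24 * time.Hour)
	tack, _ := Sign(tackKey, tlsPub, 0, 0, exp)
	rogue, _ := Sign(rogueKey, fakePub, 0, 0, exp)
	tack2, _ := Sign(tackKey, tlsPub2, 1, 1, exp) // rotated TLS key; generation 0 revoked
	var out []error
	out = append(out, c.Connect("example.com", tlsPub, tack)) // day 0: pin recorded, inactive
	clock = t0.Add(24 * time.Hour)
	out = append(out, c.Connect("example.com", tlsPub, tack)) // day 1: pin active for one more day
	clock = t0.Add(36 * time.Hour)
	out = append(out, c.Connect("example.com", fakePub, nil))   // forged cert, no TACK: rejected
	out = append(out, c.Connect("example.com", fakePub, rogue)) // forged cert, attacker's TACK: rejected
	out = append(out, c.Connect("example.com", tlsPub2, tack2)) // legitimate rotation: accepted
	out = append(out, c.Connect("example.com", tlsPub, tack))   // old generation replayed: revoked
	return out
}

func main() {
	for i, err := range Scenario() {
		fmt.Printf("step %d: %v\n", i+1, err)
	}
}
```

Two points the walk-through makes that the summary only states: the first visit creates no enforcement at all (a first-contact attacker is not stopped, only later ones), and the attacker's own validly signed TACK in step 4 is rejected purely because its key is not the pinned one, which is why no CA needs to be consulted.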
There has to be a better way (Score:4, Interesting)
It seems to me that you could do a p2p certificate authority where a certificate's trust is based on the number of people who trust the cert as well as a past history of your trusts.
So, if historically you trust certs that are frauds then the trust in you is reduced and all certs you trusted are reduced.
If the opposite is true then the trust in you is higher, as is the trust in the certs you have trusted.
Re:There has to be a better way (Score:3, Interesting)
TACK isn't really about replacing CAs, that's more the goal of Moxie's other project, Convergence. To quote Moxie from the IETF TLS list: "While I see a project like Convergence as an attempt to provide increased 'trust agility,' I see TACK as an attempt to reduce the surface for which third party trust is even required. The two types of projects are not incompatible, and in fact the latter simply reduces the amount of work the former needs to do."