[WG-OTTO] NORDUnet CT server

Mike Schwartz mike at gluu.org
Fri Aug 21 12:04:53 CDT 2015


Roland,

Is there a github for this project yet? I'd love to take a look.

thx,

Mike


On 2015-08-21 02:59, Roland Hedberg wrote:
>> On 5 Aug 2015 at 21:40, Mike Schwartz <mike at gluu.org> wrote:
>> 
>> 
>> Rainer is suggesting a blockchain solution to publishing metadata, or 
>> a data structure where you cannot change without breaking the chain.
>> 
>> The IETF has an RFC for certificate transparency--a public ledger for 
>> CA certificate to enable verification of root CA's. 
>> https://tools.ietf.org/html/rfc6962 Because metadata is a very similar 
>> use case to PKI, a similar approach could be used.
>> 
>> Entity operator would submit data to federation operator, which is 
>> opaque to outsiders, and then it would be published. With an append 
>> only data structure, once the federation operator has verified that 
>> what has been published is posted, it cannot be changed in the 
>> future--which can prevent a man-in-the-middle attack. Just provides a 
>> different distribution and verification mechanism that is more secure 
>> and reliable.
> 
> Might be worth mentioning that in my task in the GEANT project we (or
> rather Linus Nordberg, NORDUnet) is implementing a CT server.
> I’m sure we could use his implementation and get help from him, if we
> wanted to test this idea.
> 
> - Roland
> 
> “Capitalism is the extraordinary belief that the nastiest of men for
> the nastiest of motives will somehow work for the benefit of all” -
> John Maynard Keynes.

-- 
-------------------------------------
Michael Schwartz
Gluu
Founder / CEO
mike at gluu.org
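
Added example, not part of this thread and not code from the NORDUnet CT server: a sketch of the RFC 6962 section 2.1 Merkle tree applied to the metadata-publishing idea quoted above, showing how a relying party checks that one metadata entry is in the log and why a rewritten entry is detectable. The entry format, the LOG contents and all function names are assumptions made for illustration.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + entry).digest()         # RFC 6962 leaf prefix

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # RFC 6962 node prefix

def split_point(n: int) -> int:
    """Largest power of two strictly smaller than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_head(entries: list) -> bytes:
    """Merkle tree hash over the whole log."""
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split_point(len(entries))
    return node_hash(tree_head(entries[:k]), tree_head(entries[k:]))

def audit_path(index: int, entries: list) -> list:
    """Sibling hashes, leaf to root, that the log hands out as a proof."""
    if len(entries) == 1:
        return []
    k = split_point(len(entries))
    if index < k:
        return audit_path(index, entries[:k]) + [tree_head(entries[k:])]
    return audit_path(index - k, entries[k:]) + [tree_head(entries[:k])]

def head_from_path(entry: bytes, index: int, size: int, path: list) -> bytes:
    """Recompute the tree head from one entry and its audit path."""
    if size == 1:
        if path:
            raise ValueError("audit path too long")
        return leaf_hash(entry)
    if not path:
        raise ValueError("audit path too short")
    k = split_point(size)
    if index < k:
        return node_hash(head_from_path(entry, index, k, path[:-1]), path[-1])
    return node_hash(path[-1], head_from_path(entry, index - k, size - k, path[:-1]))

def verify_inclusion(entry, index, size, path, head) -> bool:
    try:
        return 0 <= index < size and head_from_path(entry, index, size, path) == head
    except ValueError:
        return False

# Constructed sample log: five metadata statements (hypothetical format).
LOG = [b'{"entity":"https://op%d.example.org","jwks_uri":"/jwks"}' % i for i in range(5)]
```

A relying party that holds only the published tree head can call verify_inclusion with the entry and the audit path it was given; any change to an already-logged entry yields a different head.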
