rainer at hoerbe.at
Fri Oct 30 16:13:59 CDT 2015
CONIKS is a service that provides key transparency for end-users in the same way RFC 6269 certificate transparency (CT) does it for server certificates.
To recall: CT provides a public ledger allowing the verification that a certificate was issued by the authoritative CA (or, more abstractly: verifying which namespace asserts that a name controls a key).
Key owners have the duty to /continually/ validate that no certificates were issued by unauthorized CAs.
CONIKS (CONtinuous Identity and Key management System) is similar to CT, but reduces the required bandwidth for monitoring, and features privacy-preserving key directories. That could be a further step toward decentralizing the business of certification and notarization.
It might be worthwhile to look into this technology because its properties seem advantageous. Being designed to register, look up, monitor and audit key bindings, it should be able to do the same for more general triples.
Something to discuss in an upcoming meeting.
Reference implementation: https://github.com/coniks-sys/coniks-ref-implementation
Master's thesis: http://www.cs.princeton.edu/~melara/pubs/mse-thesis.pdf