Saturday, January 07, 2012

Sovereign Keys

I'm starting to look into Sovereign Keys, covered in more detail in [1] and [2].

That the current PKI system is brittle is accepted by many people.  Brainstorming and prototyping new internet service authentication approaches is first-order important, and Sovereign Keys is worthy of further investigation and support.

Seems like Sovereign Keys does introduce a few new concepts that need security analysis; the timeline servers offer an interesting capability, and I wonder about vulnerabilities. For that matter, I wonder about patents in this space. There is a minefield of granted timestamping patents, and while the timeline servers may not specifically address timestamping, I wonder if some of those patents were written generally enough to impact Sovereign Keys.

Note that a proposal from Adam Langley and Ben Laurie of Google [3] also introduces the notion of a public append-only log, in some ways similar to timeline servers, but not domain-specific.


