Two researchers have prepared a draft standard for the Internet Engineering Task Force to help extend the trust of SSL certificates. The approach is Trust Assertions for Certificate Keys, or TACK, and was prepared by Trevor Perrin and Moxie Marlinspike.
TACK is an SSL extension that enables a Web server to assert the authenticity of its public key. A TACK contains a “TACK key” that is used to sign the public key from the Web server’s certificate. Hostnames can be “pinned” to a TACK key. Connections to a pinned hostname require the server to present a TACK containing the pinned key and a corresponding signature over the Web server’s public key.
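The pin check described above, sketched as an added example; it is not code from the TACK draft or its authors. It assumes an ECDSA P-256 TACK key that signs the server's public key directly, does not reproduce the draft's wire format, and the hostname `example.test`, the function names and the pin-store layout are hypothetical.

```javascript
// Added illustration of a TACK-style pin check (simplified; not the draft's wire format).
const crypto = require('node:crypto');

// Generate a key pair (assumed curve: P-256) and keep its public key as DER SPKI bytes.
function newKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, spki: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Server side: the TACK key signs the public key from the server's certificate.
function makeTack(tackKey, serverSpki) {
  return {
    tackKeySpki: tackKey.spki,
    signature: crypto.sign('sha256', serverSpki, tackKey.privateKey),
  };
}

// Identifier under which the client stores a pinned TACK key (hypothetical layout).
function fingerprint(spki) {
  return crypto.createHash('sha256').update(spki).digest('hex');
}

// Client side: decide whether a connection to `hostname` may proceed.
function checkConnection(pins, hostname, serverSpki, tack) {
  const pinned = pins.get(hostname);
  if (pinned === undefined) return 'unpinned'; // no pin: ordinary certificate checks only
  if (!tack) return 'rejected: no TACK presented';
  if (fingerprint(tack.tackKeySpki) !== pinned) return 'rejected: TACK key is not the pinned key';
  const tackPub = crypto.createPublicKey({ key: tack.tackKeySpki, format: 'der', type: 'spki' });
  const ok = crypto.verify('sha256', serverSpki, tackPub, tack.signature);
  return ok ? 'accepted' : 'rejected: signature does not cover this server key';
}

// Constructed scenario: one pinned host, its real server key, and an unrelated key.
const tackKey = newKey();
const serverKey = newKey();
const otherKey = newKey();
const pins = new Map([['example.test', fingerprint(tackKey.spki)]]);
const tack = makeTack(tackKey, serverKey.spki);

console.log(checkConnection(pins, 'example.test', serverKey.spki, tack)); // genuine server
console.log(checkConnection(pins, 'example.test', otherKey.spki, tack));  // different certificate key
console.log(checkConnection(pins, 'example.test', otherKey.spki, makeTack(otherKey, otherKey.spki)));
```

The second and third calls show the two ways a certificate with a different key fails for a pinned hostname: the genuine TACK's signature does not cover the new key, and a TACK made with any other key does not match the pin.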