perspectives-security

main project website: http://www.cs.cmu.edu/~perspectives/

Perspectives is a novel approach to authenticating remote servers on the Internet for use with protocols like HTTPS or SSH. Unlike a traditional public key infrastructure (PKI), which relies on expensive and manual identity checks by globally trusted certificate authorities (CAs), Perspectives uses a distributed network of "network notary" servers to automatically monitor the keys used by servers to build up a key history that can by used to reliably identify the valid public key or a server.

Perspectives has two primary uses:

Authenticating self-signed keys or certificates, which many browsers currently treat as security errors even when no attack exists. Providing an added ability to detect attacks, even when an application like a web browser believes that a certificate should be trusted.

The code consists of a notary server implementation, a notary client that integrates with the Firefox browser, and a modified openssh client that also uses notary responses.