Trust Certificate Extension Proposed For TLS
Two researchers have proposed extending Transport Layer Security (TLS) to include trust certificates.
The proposal from Moxie Marlinspike and Trevor Perrin to the TLS Working Group includes the ability to sign the public key from the TLS server's certificate. With the extension, dubbed "Trust Assertions for Certificate Keys" or TACK, clients can 'pin' a hostname to the TACK key. Marlinspike says "since TACK pins are based on TACK keys (instead of CA keys), trust in CAs is not required."
The proposal has been submitted to the Internet Engineering Task Force (IETF) for review.
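The pinning idea described above, as an added Go sketch that is not code from the proposal or its authors: a TACK key signs the server's TLS public key, and a client that has pinned the hostname to that TACK key checks the signature without consulting any CA. The names `PinStore`, `Sign` and `Check`, the hostname, the choice of ECDSA P-256 over a SHA-256 hash, and the pass-through for unpinned hosts are assumptions of this sketch, not the proposal's wire format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// PinStore is the client's record: hostname -> pinned TACK public key.
type PinStore map[string]*ecdsa.PublicKey

// keyHash hashes the DER encoding of the server's TLS public key.
// Errors are ignored because the keys here are freshly generated and valid.
func keyHash(tlsPub *ecdsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(tlsPub)
	h := sha256.Sum256(der)
	return h[:]
}

// Sign is run by the site operator, who holds the TACK private key.
func Sign(tack *ecdsa.PrivateKey, tlsPub *ecdsa.PublicKey) []byte {
	sig, _ := ecdsa.SignASN1(rand.Reader, tack, keyHash(tlsPub))
	return sig
}

// Check accepts the presented TLS key only if the pinned TACK key signed it.
// Assumption of this sketch: a host with no pin is not rejected here.
func (p PinStore) Check(host string, tlsPub *ecdsa.PublicKey, sig []byte) bool {
	pinned, ok := p[host]
	if !ok {
		return true
	}
	return ecdsa.VerifyASN1(pinned, keyHash(tlsPub), sig)
}

func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

func main() {
	tack, tlsKey, rogue := newKey(), newKey(), newKey() // constructed sample keys
	pins := PinStore{"example.test": &tack.PublicKey}
	fmt.Println(pins.Check("example.test", &tlsKey.PublicKey, Sign(tack, &tlsKey.PublicKey)))
	fmt.Println(pins.Check("example.test", &rogue.PublicKey, Sign(rogue, &rogue.PublicKey)))
}
```

The second call models a TLS key that the site's TACK key never signed, such as one in a certificate the site operator did not request; the pin rejects it regardless of which CA issued the certificate.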