

TACK: Trust Assertions for Certificate Keys - zobzu
http://tack.io/draft.html

======
zobzu
It seems like it signs the keys using the domain name to ensure the domain
name is who it says the domain name is.

I'm not certain what it means if, for example, I send you my phishing link to
www.paypayl.com, which I would own in that case and be able to sign properly.
It seems more like a DNSSEC kind of replacement in that regard.

I gotta re-read this a few times because I feel like that's not all that cool
if it does only that.

Then again, it does claim to be a better pinning mechanism that does not rely
on the trust chain or let you still trust the site even if the SSL/TLS trust
chain is broken.

