X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fvision.mdwn;h=35261be3642d0a1c50c04c1b27e2cc1795768e9c;hb=961306e8cb0a730a788a90cfa9c1a7d9bd89b909;hp=66b2aeccbae946f1173184e058c7c5bb81044651;hpb=e94dfff2bd84bbf07b3314c9cfd082c4a62612e2;p=monkeysphere.git diff --git a/website/vision.mdwn b/website/vision.mdwn index 66b2aec..35261be 100644 --- a/website/vision.mdwn +++ b/website/vision.mdwn 
@@ -7,8 +7,27 @@ This is probably at the crux of the Monkeysphere vision for the future: * [Simon Josefsson proposed out-of-process certificate verification model in gnutls-devel](http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3231) * [Werner Koch's dirmngr](http://www.gnupg.org/documentation/manuals/dirmngr/) * [GnuTLS wiki external validation](http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation) +* [Pathfinder PKI validation](http://code.google.com/p/pathfinder-pki/) (includes validation plugins for OpenSSL and LibNSS). -## Other discussions ## +## TLS transition strategies ## + +While [RFC 5081](http://tools.ietf.org/html/rfc5081) is quite a while +off from widespread adoption, it would be good to have an interim +translation step. This is analogous to the SSH work we've done, where +the on-the-wire protocol remains the same, but the keys themselves are +looked up in the OpenPGP WoT. + +Firefox extensions that deal with certificate validation seem to be +the easiest path toward demonstrating this technique. We should look +at: + +* [SSL Blacklist](http://codefromthe70s.org/sslblacklist.aspx) +* [Perspectives](http://www.cs.cmu.edu/~perspectives/firefox.html) +* there is another firefox extension that basically disables all TLS certificate checking. The download page says things like "this is a bad idea" and "do not install this extension", but i'm unable to find it at the moment. + +## Related discussions ## * [Wandering Thoughts blog discussion about Web of Trust flaws](http://utcc.utoronto.ca/~cks/space/blog/tech/WebOfTrustFlaws?showcomments) * [Wandering Thoughts blog discussion about certificate authorities](http://utcc.utoronto.ca/~cks/space/blog/web/SSLCANeed?showcomments) +* [Zooko's Conjecture: Decentralized, Secure, Human-Meaningful: Choose two](https://zooko.com/distnames.html) +* [Mark Stiegler's Introduction to Petnames](http://www.skyhunter.com/marcs/petnames/IntroPetNames.html)
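Review bot: "interim translation step" in the first paragraph of the new "TLS transition strategies" section looks like a typo for "transition step"; the heading and the SSH analogy that follows both describe a transition (same wire protocol, keys looked up in the OpenPGP WoT), not a translation. Suggest "it would be good to have an interim transition step". The third bullet under "We should look at:" is the one entry without a URL and says the extension cannot be found at the moment; either add the link before merging or mark the bullet explicitly as a TODO so it is not read as a recommendation alongside SSL Blacklist and Perspectives, and capitalise "i'm".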