Webmaster Bob wants to add his key to the server. Bob goes to the server page and hits the add key button, puts in an email address for the webmaster and his public key, and submits. Then the public key server, sometime in the next couple of hours, goes out and checks the website itself. If the two match, it adds it to the database.
You can have the server require a reverse DNS lookup and also have it use something along the lines of OpenDNS to help secure against fraud. Also, if the server itself uses a CA cert to secure data in transit, that would also help secure it. Requiring a revocation key to invalidate self-signed keys in the database would also further security.
Then user Joe can add a "Self-sign Pub key extension" to Firefox to automate the checking of public keys.
This allows for a relatively cheap self-signing check. It does a minimal "is this the real website I'm using?" check, but still not quite at the level of a paid CA cert that, say, a bank should have.
(Apologies about the rambliness of this post)
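The flow the post sketches (submit a key for a domain, the key server later fetches what the site itself publishes and only accepts the key if the two match, a revocation token to pull it, and a browser-side check against the directory) as an added simulation. This is example code written for this page, not the poster's design or any real key server or Firefox extension; the well-known URL, the `fetch` stand-in, the sample keys and the domain names are all constructed assumptions.

```python
"""Simulation of the self-signed-key directory sketched in the post.

Hypothetical design (an assumption, not a real protocol): a webmaster
submits (domain, contact email, public key); a batch job on the key
server later fetches a well-known URL on that domain and publishes the
entry only if the site serves the same key. A revocation token, handed
out once at submission, lets the submitter invalidate the entry. A
client-side check (what the imagined browser extension would do on
connect) compares the key a site presents with the directory.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def fingerprint(pubkey_pem: str) -> str:
    """SHA-256 fingerprint of the key text, whitespace-normalised."""
    canon = "".join(pubkey_pem.split())
    return hashlib.sha256(canon.encode()).hexdigest()


@dataclass
class Entry:
    domain: str
    email: str
    key_fp: str
    revocation_hash: str      # only a hash of the token is stored server-side
    status: str = "pending"   # pending -> verified / rejected / revoked


@dataclass
class KeyServer:
    entries: dict = field(default_factory=dict)   # domain -> Entry

    def submit(self, domain, email, pubkey_pem):
        token = secrets.token_hex(16)
        self.entries[domain] = Entry(
            domain, email, fingerprint(pubkey_pem),
            hashlib.sha256(token.encode()).hexdigest())
        return token   # returned once to the submitter, never stored in clear

    def verify_pending(self, fetch):
        """Batch job: fetch the key each pending site publishes and compare.
        `fetch(domain)` returns the published key text or None."""
        for entry in self.entries.values():
            if entry.status != "pending":
                continue
            published = fetch(entry.domain)
            if published is not None and fingerprint(published) == entry.key_fp:
                entry.status = "verified"
            else:
                entry.status = "rejected"   # the site does not vouch for this key

    def revoke(self, domain, token):
        entry = self.entries.get(domain)
        if entry is None:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not secrets.compare_digest(presented, entry.revocation_hash):
            return False
        entry.status = "revoked"
        return True

    def lookup(self, domain):
        """Only verified entries are visible to clients."""
        e = self.entries.get(domain)
        return e.key_fp if e is not None and e.status == "verified" else None


def client_check(server, domain, presented_pubkey_pem):
    """Browser-side check: 'match', 'mismatch' or 'unknown' (no verified entry)."""
    expected = server.lookup(domain)
    if expected is None:
        return "unknown"
    return "match" if fingerprint(presented_pubkey_pem) == expected else "mismatch"


# Constructed sample data: two key blobs and what each site "publishes" at
# its (assumed) well-known URL. Real keys would be PEM; strings suffice here.
BOB_KEY = "-----BEGIN PUBLIC KEY-----\nBOBKEY0001\n-----END PUBLIC KEY-----"
OTHER_KEY = "-----BEGIN PUBLIC KEY-----\nOTHER0002\n-----END PUBLIC KEY-----"
PUBLISHED = {"bobsite.example": BOB_KEY}   # unclaimed.example publishes nothing


def fake_fetch(domain):
    """Stand-in for the server's HTTP fetch of https://<domain>/<well-known path>."""
    return PUBLISHED.get(domain)


def run_scenario():
    server = KeyServer()
    bob_token = server.submit("bobsite.example", "bob@bobsite.example", BOB_KEY)
    # A submission for a domain whose site does not serve that key.
    server.submit("unclaimed.example", "x@example.net", OTHER_KEY)
    server.verify_pending(fake_fetch)
    return {
        "bob_status": server.entries["bobsite.example"].status,
        "unclaimed_status": server.entries["unclaimed.example"].status,
        "joe_sees_bob": client_check(server, "bobsite.example", BOB_KEY),
        "joe_sees_swapped_key": client_check(server, "bobsite.example", OTHER_KEY),
        "joe_sees_unclaimed": client_check(server, "unclaimed.example", OTHER_KEY),
        "bad_token_revokes": server.revoke("bobsite.example", "wrong"),
        "good_token_revokes": server.revoke("bobsite.example", bob_token),
        "after_revoke": client_check(server, "bobsite.example", BOB_KEY),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The two things the simulation makes concrete are that the directory never exposes an entry the site itself did not confirm (an unconfirmed submission stays out of `lookup`, so a client sees "unknown" rather than a bogus "match"), and that the revocation token is compared as a hash in constant time so the server holds nothing that could be replayed if its database leaks.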