Idea: Using GPG signatures for SSL certificates

Thomas Shaddack shaddack at ns.arachne.cz
Thu Dec 11 19:20:51 PST 2003


The problem that makes me feel uneasy about SSL is the vulnerability
of the certification authorities; when they get compromised, everything
they signed gets compromised too.

However, for some applications the system could potentially be
hardened to a certain degree, using the web-of-trust approach.

The server presents its certificate to the client. The client can then
optionally request the GPG signature of the certificate from the server,
either by always trying if it is there or only if its presence is
indicated in the certificate data fields, and verify it with the specified
GPG public key (which then can be firmly embedded in the web of trust).

The server's key may be stored on the server itself together with the
certificate signature file, or the signature file may indicate the
keyserver it should be fetched from. Being signed by several trusted keys
is crucial for this purpose, as otherwise it would be trivial to
compromise the GPG pubkey together with the signature and the SSL
certificate, if the adversary gets access to the server and manages to
compromise the CA (risk especially with in-house CAs, or when Agencies get
involved).

The clients should cache the server's authentication information, and
report any changes, like SSH does.

The location of the signature may vary; it can be stored in a default
place on the server (https://secure.server.com/cert-gpgsignature.asc), or
the location can be specified in an X.509 field.

Is it a good idea? Could it fly? If not, why?
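A client-side verifier along the lines sketched in the post, as an added example that is not part of the original message: it reads the status lines gpg emits with `--status-fd` when checking the detached signature file against the certificate, counts only signatures from keys that are fully or ultimately valid in the local web of trust, enforces the "several trusted keys" threshold, and keeps an SSH-style cache of the certificate fingerprint. The status lines, fingerprints and host name below are constructed placeholders; the layout of gpg's VALIDSIG and TRUST_* lines is the real one.

```python
import subprocess

# Validity levels gpg assigns to a signing key in the local web of trust.
SUFFICIENT_TRUST = {"TRUST_FULLY", "TRUST_ULTIMATE"}

# Constructed sample of gpg --status-fd output for a detached signature file
# carrying two signatures: one from a fully trusted key, one only marginal.
SAMPLE_STATUS = """\
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2003-12-11 1071199251 0 4 0 1 10 00 1111111111111111111111111111111111111111
[GNUPG:] TRUST_FULLY 0 pgp
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2003-12-11 1071199251 0 4 0 1 10 00 2222222222222222222222222222222222222222
[GNUPG:] TRUST_MARGINAL 0 pgp
"""

def run_gpg_verify(sig_path, cert_path):
    """Verify the detached signature file and return gpg's status lines."""
    proc = subprocess.run(["gpg", "--batch", "--no-tty", "--status-fd", "1",
                           "--verify", sig_path, cert_path],
                          capture_output=True, text=True)
    return proc.stdout

def parse_gpg_status(status_text):
    """Fingerprints whose signature verified and whose key is fully valid."""
    trusted, pending = set(), None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] == "VALIDSIG":
            # Field 12 (when present) is the primary-key fingerprint the
            # trust database is keyed on; field 3 is the signing (sub)key.
            pending = fields[11] if len(fields) >= 12 else fields[2]
        elif fields[1].startswith("TRUST_"):
            if fields[1] in SUFFICIENT_TRUST and pending:
                trusted.add(pending)
            pending = None
    return trusted

def check_policy(status_text, required_signers, min_signers):
    """Accept only if min_signers distinct keys from required_signers signed."""
    good = parse_gpg_status(status_text) & set(required_signers)
    return len(good) >= min_signers, sorted(good)

def tofu_check(cache, host, fingerprint):
    """SSH-style cache: record on first sight, report any later change."""
    seen = cache.get(host)
    if seen is None:
        cache[host] = fingerprint
        return "new"
    return "unchanged" if seen == fingerprint else "changed"
```

With the sample above, a policy requiring two of the two listed signers rejects the certificate, since the second key is only marginally valid, which is the single-compromised-key case the post wants to rule out.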
