An Idea for Solving the Certificate Authority Vuln Problem

~~ Foreword ~~

A while back, Comodo and DigiNotar were compromised, exposing any SSL connection using those certificates to attackers. Maybe it’s time to acknowledge that the traditional SSL trust model is outmoded. Every web browser trusts the word of scores of Certificate Authorities, and if any one of those CAs is compromised by a cracker, a government agency, or an internal hire, then there is no way to know that your HTTPS connection isn’t being intercepted. Further, if a CA (GeoTrust, for example) has a large market share of SSL certs, browsers can’t just “un-trust” it, as millions of non-technical users will start getting HTTPS errors and won’t know what they mean or what to do. My ideas cover both the question of forgery and that of CAs which are effectively too large to fail.

Rather than requiring that a root certificate be signed by a single trusted authority, require multiple and independent trusted signatories.
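
The multi-signatory rule as an added example, not code from the original post: a certificate is accepted only when trusted CAs from at least two different operators have validly signed it. The CA names, the operator grouping used to model independence, the threshold of 2, and the textbook-RSA toy keys (no padding, known primes) are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def mersenne(k):
    return 2**k - 1  # prime for the exponents used below; chosen only for convenience

def toy_keypair(p, q):
    """Textbook RSA (no padding, toy primes): stands in for a real signature scheme."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(cert, n):
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % n

def sign(cert, ca_name):
    n, d = KEYS[ca_name]
    return ca_name, pow(digest(cert, n), d, n)

# Constructed CAs; names and operators are hypothetical.
KEYS = {
    "ca-alpha": toy_keypair(mersenne(61), mersenne(89)),
    "ca-beta": toy_keypair(mersenne(107), mersenne(127)),
    "ca-gamma": toy_keypair(mersenne(521), mersenne(607)),
    "ca-rogue": toy_keypair(mersenne(89), mersenne(107)),
}
# Browser trust store: CA name -> (operator, public modulus). ca-rogue is absent.
TRUST_STORE = {
    "ca-alpha": ("operator-1", KEYS["ca-alpha"][0]),
    "ca-beta": ("operator-2", KEYS["ca-beta"][0]),
    "ca-gamma": ("operator-2", KEYS["ca-gamma"][0]),  # same operator as ca-beta
}

def independent_signers(cert, signatures):
    """Operators that have at least one trusted CA with a valid signature on cert."""
    operators = set()
    for ca_name, sig in signatures:
        if ca_name not in TRUST_STORE:
            continue  # signer the browser does not trust: ignored
        operator, n = TRUST_STORE[ca_name]
        if pow(sig, E, n) == digest(cert, n):
            operators.add(operator)  # a set, so one operator counts once
    return operators

def accept(cert, signatures, threshold=2):
    return len(independent_signers(cert, signatures)) >= threshold

CERT = b"CN=example.test, key=constructed-sample"
print(accept(CERT, [sign(CERT, "ca-alpha"), sign(CERT, "ca-beta")]))   # two operators
print(accept(CERT, [sign(CERT, "ca-alpha"), sign(CERT, "ca-alpha")]))  # one CA twice
```

Counting operators rather than signatures is what keeps a single compromised CA, or two CAs run by the same organization, from satisfying the rule alone.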