~~ Foreword ~~
A while back, Comodo and DigiNotar were compromised, exposing any SSL connection that relied on certificates issued under those CAs to attackers. Maybe it’s time to acknowledge that the traditional SSL trust model is outmoded. Every web browser trusts the word of scores of Certificate Authorities, and if any one of those CAs is compromised by a cracker, government agency, or insider, then there is no way to know that your HTTPS connection isn’t being intercepted. Further, if a CA (GeoTrust, for example) holds a large share of the SSL certificate market, browsers can’t simply “un-trust” it, because millions of non-technical users would start getting HTTPS errors and wouldn’t know what they mean or what to do. My ideas address both forgery and CAs which are effectively too large to fail.
Rather than requiring that a root certificate be signed by a single trusted authority, require multiple, independent trusted signatories.
~~ Handling Forgeries ~~
If browsers were to require that every certificate be signed by at least ? trusted Certificate Authorities (five?), then creating forgeries suddenly becomes far more difficult: compromising one CA would not be enough. A nation may sometimes compel the CAs under its influence to sign a forged certificate, but if five signatories were required it is less likely that this is possible. The system could further require that no more than, say, three signatories be in the sphere of influence of one nation. Or each CA could be assigned (in browsers) the entities in whose sphere it falls, and each certificate must then be signed by a minimum of ? authorities which do not have overlapping influences.
If browsers required a certificate to be signed by a minimum of five Certificate Authorities, and certificate holders then got their certificate signed by one or maybe two more, then no CA would any longer be ‘too large to fail’. Browsers could remove the largest CAs from their trusted root list, and the affected certificates would still have enough signatories to be trusted. If a certificate is discovered to be forged and it is signed by three different CAs, a temporary ‘influence’ connection could be created between those three CAs, to stipulate that they have all been compromised by the same attacker.
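The acceptance policy described in the two paragraphs above (a minimum number of trusted signatories, and a cap on how many of them may share one sphere of influence) is easy to state precisely, so here is an added example in Python that is not part of the original post and not code from any browser or CA. It models the four situations the text raises: a fully signed certificate, the same certificate after the browser drops its largest CA, a forgery produced by a single compromised CA, and a certificate whose signatures are concentrated in one sphere. All CA names, spheres, key material and the certificate body are constructed for the example; HMAC-SHA256 stands in for real public-key CA signatures, which is an assumption that does not change the policy logic.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Stand-in for CA signatures: HMAC-SHA256 with a per-CA secret (constructed for
# this example). A real deployment would use public-key signatures checked
# against each CA's published key; the acceptance policy below is the same.


@dataclass
class CA:
    name: str
    sphere: str     # sphere of influence the browser assigns to this CA
    secret: bytes   # constructed key material for this example only

    def sign(self, body: bytes) -> bytes:
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def verify(self, body: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(body), sig)


@dataclass
class Certificate:
    subject: str
    body: bytes
    signatures: dict = field(default_factory=dict)  # CA name -> signature bytes


def validate(cert, trust_store, min_signers, max_per_sphere):
    """Apply the multi-signatory policy. trust_store maps CA name -> CA the
    browser currently trusts. Returns (accepted, reason)."""
    valid = []
    for name, sig in cert.signatures.items():
        ca = trust_store.get(name)
        # A signature from an untrusted or removed CA is ignored, not fatal.
        if ca is not None and ca.verify(cert.body, sig):
            valid.append(ca)
    if len(valid) < min_signers:
        return False, f"{len(valid)} trusted signature(s), need {min_signers}"
    per_sphere = {}
    for ca in valid:
        per_sphere[ca.sphere] = per_sphere.get(ca.sphere, 0) + 1
    if per_sphere:
        sphere, count = max(per_sphere.items(), key=lambda kv: kv[1])
        if count > max_per_sphere:
            return False, f"{count} signers share sphere {sphere!r}, max {max_per_sphere}"
    return True, "ok"


def build_trust_store():
    # Constructed trust store: one dominant CA plus six smaller ones, four spheres.
    cas = [
        CA("BigCA", "A", b"secret-big"),
        CA("Alpha2", "A", b"secret-a2"),
        CA("Alpha3", "A", b"secret-a3"),
        CA("Alpha4", "A", b"secret-a4"),
        CA("Beta", "B", b"secret-b"),
        CA("Gamma", "C", b"secret-c"),
        CA("Delta", "D", b"secret-d"),
    ]
    return {ca.name: ca for ca in cas}


def issue(store, subject, signer_names):
    body = f"subject={subject};pubkey=<constructed>;notAfter=2030-01-01".encode()
    return Certificate(subject, body, {n: store[n].sign(body) for n in signer_names})


MIN_SIGNERS, MAX_PER_SPHERE = 5, 3
NORMAL_SIGNERS = ["BigCA", "Alpha2", "Alpha3", "Beta", "Gamma", "Delta"]


def check_fully_signed():
    store = build_trust_store()
    return validate(issue(store, "example.test", NORMAL_SIGNERS), store,
                    MIN_SIGNERS, MAX_PER_SPHERE)[0]


def check_after_distrusting_largest():
    # Browser drops BigCA: the same cert still carries five trusted signatures.
    store = build_trust_store()
    cert = issue(store, "example.test", NORMAL_SIGNERS)
    del store["BigCA"]
    return validate(cert, store, MIN_SIGNERS, MAX_PER_SPHERE)[0]


def check_single_compromised_ca():
    # A forgery bearing only one CA's signature never reaches the quorum.
    store = build_trust_store()
    forged = issue(store, "example.test", ["BigCA"])
    return validate(forged, store, MIN_SIGNERS, MAX_PER_SPHERE)[0]


def check_sphere_concentration():
    # Five signatures, but four from sphere A: the per-sphere cap rejects it.
    store = build_trust_store()
    cert = issue(store, "example.test", ["BigCA", "Alpha2", "Alpha3", "Alpha4", "Beta"])
    return validate(cert, store, MIN_SIGNERS, MAX_PER_SPHERE)[0]


if __name__ == "__main__":
    for fn in (check_fully_signed, check_after_distrusting_largest,
               check_single_compromised_ca, check_sphere_concentration):
        print(f"{fn.__name__}: {fn()}")
```

Note that removing a CA from the trust store only discards its signature; it never invalidates a certificate outright, which is what makes distrusting a large CA survivable under this policy.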
~~ Mechanism of Rollout ~~
The present system of X.509 certificates can’t handle multiple signatories, so a new certificate format would need to be developed. TLS would need to be updated, and all web browsers would need to be updated, but this is fairly routine already. This technology could be rolled out gradually: once one standard deviation of browsers support it, the requirement could be that a certificate must be signed by at least two trusted authorities. Then after two standard deviations (or, say, three or four years) this minimum number increases. All certificates must be renewed periodically in any case, so this shouldn’t catch anyone by surprise, lol. We’d need cooperation from the major browser vendors, and there are several precedents for such cooperation when a problem is large enough. Cooperation from the CAs is easy: if the larger ones decline to participate, there are plenty of smaller CAs which would jump at taking a larger share of the certificate market.
~~ Alternatives to CAs ~~
A different approach is to eliminate CAs altogether and implement a ‘notary system’; Perspectives and Convergence are examples of this. Visit an SSL site and your browser connects to multiple notaries and confirms that the certificate you’re seeing is the same as the one others are seeing for that site. This solution is workable, but it requires a large number of notaries to be efficient, and the browser must automatically and randomly choose a default set of notaries, hopefully run by entities without overlapping influence. 99% of end-users are not going to pick and choose their own notaries, and they shouldn’t have to. Convergence also addresses end-user privacy by configuring notaries as one-hop proxies, so the IP address of the site visitor can’t be easily linked to the site being visited. This is a good development for privacy.
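To make the notary check concrete, here is an added Python example that is not part of the original post and not code from Perspectives or Convergence. It implements the two pieces the paragraph above calls for: the browser randomly selecting a default set of notaries with pairwise distinct spheres of influence, and then accepting the certificate it saw only if enough of those notaries report the same fingerprint. The notaries, spheres and certificate bytes are constructed; one notary is deliberately set up to report a wrong fingerprint so that the quorum threshold has something to absorb.

```python
import hashlib
import random
from dataclasses import dataclass


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, the value notaries compare."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Notary:
    name: str
    sphere: str     # entity / jurisdiction running this notary (constructed)
    observed: dict  # site -> fingerprint seen from the notary's own vantage point

    def query(self, site):
        return self.observed.get(site)


def choose_notaries(notaries, k, rng):
    """Randomly pick k notaries whose spheres of influence are all different."""
    picked, spheres = [], set()
    for n in rng.sample(notaries, len(notaries)):
        if n.sphere not in spheres:
            picked.append(n)
            spheres.add(n.sphere)
        if len(picked) == k:
            return picked
    raise ValueError(f"cannot find {k} notaries with distinct spheres")


def notary_check(site, client_fp, notaries, k, min_agree, seed=0):
    """Accept the certificate the client saw only if at least min_agree of the
    k independently chosen notaries report the same fingerprint."""
    chosen = choose_notaries(notaries, k, random.Random(seed))
    agree = sum(1 for n in chosen if n.query(site) == client_fp)
    return agree >= min_agree


# Constructed data: the site's genuine certificate and a forged one.
SITE = "example.test"
REAL_FP = fingerprint(b"constructed DER bytes of the genuine certificate")
FORGED_FP = fingerprint(b"constructed DER bytes of a forged certificate")

NOTARIES = [
    Notary("n1", "A", {SITE: REAL_FP}),
    Notary("n2", "A", {SITE: REAL_FP}),   # same operator sphere as n1
    Notary("n3", "B", {SITE: REAL_FP}),
    Notary("n4", "C", {SITE: REAL_FP}),
    Notary("n5", "D", {SITE: REAL_FP}),
    Notary("n6", "E", {SITE: FORGED_FP}),  # compromised or lying notary
]


def honest_site_accepted(seed=0):
    # Client and notaries all see the genuine certificate; one notary lies.
    return notary_check(SITE, REAL_FP, NOTARIES, k=5, min_agree=4, seed=seed)


def intercepted_session_rejected(seed=0):
    # Only the client's own path is intercepted, so it sees the forged
    # certificate while the notaries still see the genuine one.
    return notary_check(SITE, FORGED_FP, NOTARIES, k=5, min_agree=4, seed=seed)


def too_few_independent_notaries():
    # Six distinct spheres are requested but only five exist.
    try:
        choose_notaries(NOTARIES, 6, random.Random(0))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("honest site accepted:", honest_site_accepted())
    print("intercepted session rejected:", not intercepted_session_rejected())
    print("too few independent notaries:", too_few_independent_notaries())
```

Because the sphere constraint forces the browser to spread its queries across operators, a single lying notary (or a single compromised operator running several notaries) is outvoted rather than decisive, which is the property the paragraph asks for when it wants notaries “without overlapping influence”.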
A more advanced system could be a no-trust one, based on the astounding blockchain paradigm of cryptocurrencies (which is essentially a sequential, append-only transaction database). New applications are already being found for blockchains, for example the security system of the email service ProtonMail.ch, the electronic signature system of BlockSign.it, and a new internet infrastructure. A blockchain could be deployed to log and keep track of certificates in a radically distributed database, with effectively infinite checks for integrity.
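The integrity property the paragraph above relies on, that every record commits to the hash of the record before it so that rewriting history is detectable, is the part of a blockchain that can be shown in a few lines. Here is an added Python example that is not part of the original post and not code from any of the services it names. It is a single-writer, hash-chained log of certificate observations (site, fingerprint, signing CAs); the replication across many parties that would make it “no-trust” is not modelled, and all sites, fingerprints and CA names are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # hash the first entry chains to


def entry_hash(prev_hash, record):
    # Canonical JSON so that every verifier hashes exactly the same bytes.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class CertLog:
    """Append-only, hash-chained log. Each entry commits to its predecessor's
    hash, so altering any earlier record breaks every hash after it."""

    def __init__(self):
        self.entries = []

    def append(self, site, fingerprint, signers):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        record = {"index": len(self.entries), "site": site,
                  "fingerprint": fingerprint, "signers": sorted(signers)}
        self.entries.append({"record": record, "prev": prev,
                             "hash": entry_hash(prev, record)})
        return self.entries[-1]["hash"]

    def verify(self):
        """Recompute the whole chain from GENESIS; False on any inconsistency."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["record"]["index"] != i:
                return False
            if entry_hash(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def history(self, site):
        """Every fingerprint ever logged for a site, oldest first."""
        return [e["record"]["fingerprint"] for e in self.entries
                if e["record"]["site"] == site]


def build_log():
    # Constructed observations: one site renews its certificate once.
    log = CertLog()
    log.append("example.test", "fp-2024-constructed", ["Alpha", "Beta", "Gamma"])
    log.append("other.test", "fp-other-constructed", ["Beta", "Delta", "Epsilon"])
    log.append("example.test", "fp-2025-constructed", ["Alpha", "Beta", "Delta"])
    return log


def intact_log_verifies():
    return build_log().verify()


def tampered_log_detected():
    # Rewrite the oldest observation in place, as anyone with write access to
    # the underlying database could; the stored hashes no longer match.
    log = build_log()
    log.entries[0]["record"]["fingerprint"] = "fp-attacker-constructed"
    return log.verify()


def example_history():
    return build_log().history("example.test")


if __name__ == "__main__":
    print("intact log verifies:", intact_log_verifies())
    print("tampered log verifies:", tampered_log_detected())
    print("example.test history:", example_history())
```

A chain like this only proves that the copy you hold is internally consistent; it says nothing about whether it is the same copy everyone else holds, which is exactly why the paragraph needs the “radically distributed” part and why a browser would compare the latest hash against several independent mirrors before trusting the log’s answer for a site.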