New Directions for Trust in the Certificate Authority Ecosystem
Many of the benefits we derive from the Internet require trust in the
authenticity of HTTPS connections. Unfortunately, the public key certification
ecosystem that underwrites this trust has failed us on numerous occasions.
Towards an exploration of the root causes, we present an update to the common
knowledge about the Certificate Authority (CA) ecosystem. Based on our findings,
the certificate ecosystem is currently undergoing a drastic transformation. Big
steps towards ubiquitous encryption have been made, but at the expense of trust
in the authentication of communication partners. Furthermore, we describe systemic
problems rooted in misaligned incentives between players in the ecosystem. We
show that proposed security extensions do not correctly realign these
incentives. As such, we argue that it is worth considering alternative methods
of authentication. As a first step in this direction, we propose an
insurance-based mechanism and we demonstrate that it is technically feasible