Father of SSL says despite attacks, the security linchpin has lots of life left

11.10.2011

The fact that browsers were designed with built-in root keys is unfortunate. That is the wrong thing, but it's very difficult to change that. We should have separated who is trusted from the vendor. If we cannot separate the root of trust from the vendor then the best we can do is build a side reputation system that everybody consults. When a browser gets a certificate from an unknown CA it says what the heck is this Tell me if the reputation of this thing is OK, and if it is OK, it's fine. And if that particular CA is doing bad things its reputation will go down and the browser should actually refuse the connection. We want the consumer to get ease of access a lot more than we want to protect them. So we allow the consumer to trust random things. After somebody trusts something it's very difficult for them to untrust it in the current setup. So the browser guys needed to undo things. This is unfortunate but it only has to do with the way the PKI was implemented inside of the browser system rather than any particular protocol. You could have removed SSL and put in IPSec and the exact same problem would actually come out because they all use PKI.

What can be done

If there is a way that we can separate who we trust from the vendor of the browsers then that would be the best thing to do. And the root of the trust should be the Internet with its built-in reputation ecosystem. All the CAs will have reputations built in because that's how the Internet runs, and then you have a better trust model that way. Rather than build it into the browser itself, that's what I'm saying. And I'm not saying I know how to implement this, but it's a better model.

If that were to happen and people have noticed that a particular CA is issuing bad certs the reputation will kick it out immediately. Nobody will have to issue patches, we don't have to wait for somebody to send something over for us to update. It will just be done in the ecosystem.

How would that work

Zur Startseite