Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model

14 Pages. Posted: 13 Apr 2013

Steven B. Roosa

Holland & Knight LLP

Stephen Schultze

Georgetown University Law Center; Princeton University; Harvard University

Date Written: April 11, 2013

Abstract

For more than a decade, Internet users have relied upon digital certificates issued by certificate authorities to encrypt and authenticate their most valuable communications. Computer security experts have lambasted weaknesses in the system since its inception. A series of recent exploits have brought several problems back into stark focus. This paper describes some of the proposed technology-based improvements, as well as the structural shortcomings of the trust model – legal, economic, and organizational. We explore some of these structural defects in the context of lessons learned over the lifetime of the certificate authority trust model, and propose first steps toward fixes and next steps for study.

Suggested Citation

Roosa, Steven B. and Schultze, Stephen, Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model (April 11, 2013). Available at SSRN: https://ssrn.com/abstract=2249042 or http://dx.doi.org/10.2139/ssrn.2249042

Steven B. Roosa

Holland & Knight LLP

50 California Street
San Francisco, CA
United States

Stephen Schultze (Contact Author)

Georgetown University Law Center

Washington, DC
United States

Princeton University

22 Chambers Street
Princeton, NJ 08544
United States

Harvard University

1875 Cambridge Street
Cambridge, MA 02138
United States
