14 Pages Posted: 13 Apr 2013
Date Written: April 11, 2013
For more than a decade, Internet users have relied upon digital certificates issued by certificate authorities to encrypt and authenticate their most valuable communications. Computer security experts have lambasted weaknesses in the system since its inception. A series of recent exploits have brought several problems back into stark focus. This paper describes some of the proposed technology-based improvements, as well as the structural shortcomings of the trust model – legal, economic, and organizational. We explore some of these structural defects in the context of lessons learned over the lifetime of the certificate authority trust model, and propose first steps toward fixes and next steps for study.
Suggested Citation: Suggested Citation
Roosa, Steven B. and Schultze, Stephen, Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model (April 11, 2013). Available at SSRN: https://ssrn.com/abstract=2249042 or http://dx.doi.org/10.2139/ssrn.2249042