[Cryptography] Certificates and PKI

Jerry Leichter leichter at lrw.com
Fri Dec 19 06:38:23 EST 2014


So Google has announced that in the future Chrome will mark HTTP connections as "risky", perhaps moving the world toward "all encryption all the time".  However, all the browser makers - Firefox in particular - continue their war against self-signed certificates.

If your goal is security against passive eavesdroppers - and, in particular, against "record everything" government agencies - then a self-signed certificate is as good as anything.

If you want to defend against active MITM attacks, then you need a trustworthy certificate.  But as we all know, the current model of hundreds of equally-trusted CA's cannot possibly produce legitimate trust.

Recent efforts like certificate pinning and certificate transparency can go a long way toward proving trust in certificates - *but they can work equally well no matter who signs the certificate!*  Granted, they were *designed* on the assumption that the pinned/recorded CA was one of the "blessed" CA's that every browser comes with - but there's nothing that requires that.  A "pinned" self-signed certificate - pinned to itself - is as trustworthy as any other pinned certificate.  (In fact, it's basically just a wasteful representation of a trusted public key store, something I've discussed here previously.  But it fits into the existing infrastructure with no changes.)  The security of certificate transparency doesn't come from CA's - it comes from the owners of sites watching for attempts to create certificates in their name.  That works no matter where the legitimate certificates come from.

How can we get the browser makers to stop buying in to the PKI fiction that does little except keep the CA business model alive?
                                                        -- Jerry
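
The "pinned to itself" idea from the message above, as an added example that is not part of the original post: a client that ignores CA signatures and accepts a certificate only when its SHA-256 fingerprint matches a stored pin. `PinStore`, `connect_pinned` and `SAMPLE_DER` are hypothetical names, and the sample bytes are a constructed stand-in, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a server's DER-encoded self-signed certificate.
# Any byte string works for the pin comparison; it is not a real certificate.
SAMPLE_DER = b"constructed-self-signed-certificate-der-bytes"

def fingerprint(der: bytes) -> str:
    """SHA-256 over the whole DER certificate, hex encoded."""
    return hashlib.sha256(der).hexdigest()

class PinStore:
    """Hypothetical trust store: (host, port) -> set of pinned fingerprints."""

    def __init__(self):
        self._pins = {}

    def pin(self, host, port, der):
        self._pins.setdefault((host.lower(), port), set()).add(fingerprint(der))

    def check(self, host, port, der):
        """True only if der matches a pin for this endpoint; fail closed."""
        pins = self._pins.get((host.lower(), port), set())
        seen = fingerprint(der)
        # An endpoint with no pins yields an empty set, so any() is False.
        return any(hmac.compare_digest(seen, p) for p in pins)

def connect_pinned(store, host, port, timeout=5.0):
    """Open a TLS connection that trusts only the pinned certificate.

    CA chain and hostname validation are switched off on purpose: the pin,
    not a CA signature, is the trust anchor, so a self-signed certificate
    is accepted if and only if it is the pinned one.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not der or not store.check(host, port, der):
        tls.close()                     # refuse before any application data
        raise ssl.SSLError("certificate does not match pin for %s:%d" % (host, port))
    return tls
```

The pin has to be obtained over a channel the client already trusts; the check above only proves the server presents the same certificate that was pinned.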


