CA model must be more distributed, less monetized

My columns, op-ed and feedback appear on many web sites. Among my favorite soap boxes are Engadget, Yahoo, Amazon and The Wall Street Journal. But I also contribute to various technical communities.

Recently, I have become active in InfoSec, the largest of LinkedIn discussion groups. InfoSec participants include a remarkably diverse cross section of information security specialists representing all sides of the security matrix. We have policy pundits, in house security directors, technicians, law enforcement officials & consultants, ethical hackers, and an occasional anti-forensic zealot, like me!

Patrick Gustavsson is Senior Consultant at Cybercom in Stockholm Sweden. This week he posed this question to InfoSec members:

Considering recent problems with certificates, what’s your opinion about PKI?
Does PKI have a future?

Patrick was referring to recent events concerning certificate authorities (CAs) being hacked and the forgery of widely trusted certificates, as was the case with Google’s. Because the CA model is built upon trust for the CA, Patrick was asking if the model is broken and that perhaps PKI was a poor design for the future.

My response: Good question. Wrong culprit!

PKI is not broken. In fact, it is brilliant and durable. The whole concept of digital trust is at thing of beauty and simplicity (Thank you Clifford Cocks, Diffie, Hellman, Elgamal, Kravitz, Rivest. But the trust is misdirected. In the past decade it has become expected that the trust is never P2P, but rather involves central repositories, and that somewhere along the way, certificates must grease the palms of “Central Authorities”.

PKI is not the component that is broken. PKI is just fine, thank you! The technology will remain the linchpin of any secure communication, and eventually of all IP packets including VOIP. (PKI can be enhanced with Sender Bonds, a form of financial risk for packets exchanged between strangers…But we’ll save that for another day!).

Rather, complexity of the CA model is the problem. The certified party is not readily evident, the paths of trust are murky and – most importantly – visitors rarely know why they should be trusted! The solution is easy, but it will require that we (the security specialists), dismantle the trust model…

Ellery’s Solution for P2P Trust: Outside of a communist regime, trust is not something that lends itself to central authority. Trust should always be personal and built on relationships both individuals and “flexible communities” (that is: either circles of trust or trust pyramids), and  save the individual. We must return the Internet to a pyramid of trust (like PGP) and – at the very least – create a mechanism to self sign new relationships as they are developed. The entire CA house is built on an old boys’ network of payoffs and profit. It must not be so. Real trust is built by referral and the 3rd party trust of your own trusted parties, just as it was in the beginning.

Don’t agree? Sound off. Add feedback to this article.