Encrypted websites now handle more than half the world’s web traffic, but the way the keys for those connections are exchanged and verified hasn’t changed much in 20 years.
The current system relies on a global network of certificate authorities (CAs) to verify the public key and the owner of each secure website. It has long been criticized for creating central points of failure. And those central points, the CAs, have actually failed in some cases.
Some think blockchains – the technology that manages key exchange for the $25bn bitcoin network – could be the basis for a secure alternative.
The initial idea
Like blockchains, CAs began as a way to facilitate connected commerce. Veteran developer Christopher Allen – who helped set up the first certificate authority, VeriSign – said he imagined a system with several CAs where users would pick which ones to trust.
As the system has scaled, however, it’s become impractical for everyday users to actively manage their trust in different authorities. Most now rely on their browser’s default settings instead. It’s now the browser companies that effectively control trust, giving them huge clout within the certificate industry.
“We’ve got a new centrality, which is the big browser companies,” said Allen.
While control over trust has centralized, the number of certificate authorities has grown. There are now hundreds of authorities in countries around the world, and a failure at any one of them undermines the whole system.
The worst incident to date was the collapse of the Dutch authority DigiNotar in 2011. Hacking DigiNotar allowed attackers to spy on around 300,000 Iranian Gmail accounts, and forced a temporary shut down of many of the Dutch government’s online services.
Since then, there have been dozens of cases where CAs were caught issuing unverified certificates, using substandard security, or even trying to deceive browser companies. None of these had the same effects as DigiNotar, and the industry has raised security standards many times since 2011, but there are still those who think it’s time to look for a long-term alternative to CAs.
One of those alternatives was outlined in a 2015 white paper, written at a workshop Allen hosted called “Rebooting Web of Trust”. The paper set out goals for a decentralized public key infrastructure (dpki) to replace the current, centralized system.
“The goal of dpki is to ensure that … no single third-party can compromise the integrity and security of the system as as whole.”
In place of the current system, where domain ownership is recorded in the DNS and key are verified by CAs, Rebooting Web of Trust envisioned a secure namespace where domain registration and the key for each domain would be recorded on a blockchain.
A new namespace
The Ethereum Name System (ENS) is trying to create the same kind of secure namespace for the ethereum community. It gives us a first look at the challenges and opportunities of making these ideas work in practice.
Developer Alex Van de Sande said his team often uses the analogy of a sandwich to explain how ENS is designed. The ‘bread’ in the ENS sandwich are two simple contracts. One stipulates that if you own the domain, you’re entitled to its subdomains. The other handles payments.
Like in a sandwich, the complicated part of ENS is in the middle. That’s the contract that sets the rules for name registration. ENS wants to avoid the problem of domain squatting, which was common during the initial internet domain name boom.
They’re also pursuing the ‘principle of least surprise’, the idea that people shouldn’t be too surprised by who actually owns a name. It might seem like common sense that Bank of America should have first dibs on bankofamerica.eth. But Van de Sande said that designing a system to implement that principle is very challenging, maybe even impractical.
He added that ENS will take the first year after the relaunch as an opportunity to learn how to improve the registration rules. If the rules change, he said, name owners will have a choice to upgrade or surrender their names for a refund.
Van de Sande said he hopes ENS will be a model for a wider use of similar ideas, adding:
“ENS reflects the way we wish the internet would be. It doesn’t mean that it’s actually going to be that way.”
Another way to decentralize the infrastructure behind secure online communication is to ensure that users can verify the actual information they receive, rather than trying to secure the server-client connection.
Engineer Jude Nelson, who collaborated on the 2015 “Rebooting Web of Trust” white paper, told this is the goal of his startup, New York-based Blockstack.
Blockstack’s system, which is currently in an alpha release, allows users to record their unique name and key on the bitcoin blockchain, and then lookup another user in order to verify the information they receive.
“With Blockstack, we’re trying to make it so that developers can build server-less, decentralized, applications where users own their own data,” said Nelson. “There are no passwords and developers don’t have to host either of them.”
This could, one day, reduce the need for the website encryption altogether.
Sovereign identity and its hurdles
Each of these projects reflects the same overarching goal: to reduce the role of third parties and give users more control.
Allen, who has convened the Rebooting Web of Trust group every six months since 2015, said he is working towards technologies that give users true sovereignty.
The many strings of letters and numbers that represent individuals online today are all registered with third parties. “You’re not really buying it, you’re renting it. You don’t have true sovereignty,” said Allen.
But Allen also sees many challenges ahead. One is usability. Systems that work for technically adept users may not scale to applications where most users will rely on defaults and won’t be prepared to make choices about who to trust.
“We’ve learned in technology that giving users choice often doesn’t work.”
Meanwhile, the centralized system is also changing. Google is in the middle of rolling out its own solution to the pitfalls of the CA system — a plan called Certificate Transparency, which requires CAs to log all trusted certificates in public view.
Google said it can verify log-inclusion and the log’s honesty with Merkle trees, and the system has already allowed researchers to catch some bad certificates.
Google’s idea is to keep the third party, but remove the trust. And this approach may prove to be a long-term competitor to blockchain-based projects which want to get rid of both.