Game of Keys: Too Much Information About Certificate Authorities
Georg C. F. Greve
Thu Oct 31 2019
Digital Certificates are like fancy, modern, sealed letters with that embossed wax insignia of your house banner or family crest that says: “In my function as Certification Authority I hereby attest that I have verified the bearer of this seal really is Georg Greve, first of his name, who is a real person and really has the email address email@example.com, and is the one true King of the North.” Or something like that.
And if you believe the seal of the Certificate Authority (CA) you can be reasonably certain the person showing you this certificate is likely Georg. Unless of course the certificate was stolen, and Georg noticed it. In that case he might have asked the CA to provide another seal to say “that particular seal is now invalid.” Then everyone who would be diligent enough to call the CA to ask whether the seal is still valid would find out it no longer is and can disregard that last message that arrived by crow.
Briefly, the function of a Certificate Authority is to certify that a particular key really belongs to a specific person or institution. Be it the owner of a domain, the person behind an email address or a business. It’s ultimately about proving this certificate really belongs to the organisation or person it claims to belong to and sometimes also that this organisation or person are real, and do exist.
In other words: Certificate Authorities provide the link between the identity of a person or organisation, and the digital key used to represent them.
Now imagine such a seal carried proof of your identity directly. Anyone you gave the seal to could directly verify that it really was issued by you. Furthermore, imagine you didn’t have a single seal, but as many as you wanted. You would generate each seal when you needed it, disclosing about yourself only what you need for this specific purpose at the time. Each seal could ever only be used exactly once, for a single interaction. A public ledger would ensure that anyone who received such a seal could verify that it had not been stolen. You could no longer be impersonated. That would be cool. You could send as many crows as you want and not have to pay for each wax imprint on your scrolls. And now we’ve taken the whole Game of Thrones thing too far….
The truth is that this is made possible with Self-Sovereign Identity (SSI). If such an identity is capable aggregating third party verification, its owner can prove their identity has been successfully verified by their bank, their government or some other organisation. Official bodies, including existing Certificate Authorities, will still have a useful role in supporting trust in the institutions doing the verification. But at this organisational level key management is far easier. Also, each identity typically carries verification from multiple organisations, making the result far more robust than relying only on a single point of failure, which is currently the Certificate Authority. And yes, they do get compromised enough to make it a concern.
Even more, if the identity is capable of Zero-Knowledge Proof (ZKP), the certificates will be far more privacy friendly than they are today. You could sign an online petition proving you really are a citizen of a country and of voting age – without having to reveal your name or age unless you want to.
As a result, any device carrying your identity is now becoming your CA of sorts. At the time of interaction, such as signing a document, or signing an e-mail, the device will locally generate the one-time key. It will incorporate the proof of your identity as required, execute the interaction and record proof of the interaction with the online, public ledger.
The resulting signature itself can be represented in a visual and cryptographic form that integrates well into any application or use case, making it universally useful. And perhaps most importantly: you really shouldn’t have to be an expert in cryptography to use it, so we need to remove any kind of manual user involvement. It looks like this if you want to try it out: app.vereign.com.
Centralised Trust on a Distributed Ledger?
Now there’s still more you need to know about this. Nowadays, thanks to hype and buzzwords, most people have at least heard of blockchain. That technology is commonly described as a trust machine. Many people are excited about how it has the power to transform banking, pharmaceuticals, supply chain or land registries. Yet all of these depend on a singular system to establish the connection between the legal, physical and digital worlds. We’re talking about the very same Certificate Authorities (CAs), of course. Which is why they warrant a closer look.
CAs are organisations which are crucial to how security is perceived by the masses online. They are what makes the lock in your browser turn green. Without them you could not be able to tell whether you're talking to your bank, or some criminal with an appetite for your accounts. The way they are doing this is by acting as a centralised source of trust to issue and sign certificates, the digital keys that secure and protect our digital communication. Your browser uses them to sign and encrypt your information, and to verify the web sites you are connecting with.
Companies trust one another on the internet because they both have digital certificates that have been signed by a Certificate Authority. As their name suggests, these are ultimately private or public organisations considered authorities for certificates. Your browser trusts a Certificate Authority because whoever provided this browser to you told it to trust this Certificate Authority. The same is true for your operating system, which verifies software in much the same way.
In order to make this work, Certificate Authorities are heavy on process and compliance. Also, they better have excellent security. Because if a criminal can obtain an illegitimate signature on their certificate, your browser will trust that criminal blindly. It’s even worse if a criminal manages to smuggle their certificate into the set of trusted certificates for your browser or operating system. In this case your computer will accept that criminal as a Certificate Authority. So they can create any number dangerous web sites that your browser will then tell you to trust.
Although hundreds of millions of USD have been spent in trying to protect this system it has been broken in just these ways many times. But that is not something many people in the IT industry feel comfortable talking about because it could easily undermine trust into the internet as a whole. So all of us typically rely on this system working well enough most of the time.
However, this system is also expensive. Too expensive in fact for many small and medium sized companies. And far too expensive for individuals. Which is why only larger organisations tended to have validated certificates to secure their web traffic and communication. As a consequence, only 2.29 percent of all peak hour internet traffic in North America was encrypted back in 2013. The resulting holes were exploited by criminals and governments alike until Edward Snowden made the extent of the problem public.
Many things were done to address this. Among them was the creation of Let's Encrypt as a gratis Certificate Authority, it's yearly budget of 3m USD sponsored by large technology companies. Today, over 50% of the web is using Let's Encrypt certificates. That is an enormous success story and huge gain in security online.
The side effect is a dramatic impact on traditional CAs who now find themselves competing with free. Let’s Encrypt is an overwhelming success, effectively making it a critical infrastructure for more than half the web pages. This concentration is going to increase in coming years as CAs will continue to lose market share to Let's Encrypt. Such concentration has far reaching implications for the web as a whole.
When does a CA become the Single Point of Failure for the Internet?
Much of the success of the internet has been made possible by its design that avoided central points of failure. So, it seemed natural for the technology community to seek the same kind of designs in other functions, including the administration of certificates. Pretty Good Privacy (PGP) was inspired by this, and consequently the OpenPGP standard is favoured by many technologists because it does not follow a hierarchical model of trust. Instead, trust is created by direct interaction between any two parties with the intended result of creating a mesh of trust. Very much like the “small-world experiment”, this mesh would then allow any two people who never met to trust each other’s’ certificates because they can find a path of trust to one another.
While OpenPGP has been very successful in areas dominated by technologists, it remained irrelevant to almost anyone else. Real world adoption of the CA model far outperforms that of OpenPGP. Manual vs managed distribution of keys was a major contributor to this. Another blow was struck to the distribution of OpenPGP keys when the key servers used for key distribution came under scrutiny for their privacy implications. Perhaps most importantly, OpenPGP ultimately assumes and requires a user that is competent in security and some basics of cryptography.
That is why a majority of OpenPGP keys today are managed by the servers of mail service providers on behalf of their users. The mail service providers themselves have become de-facto Certificate Authorities, only with less oversight and accountability.
Keys managed in such a way are just as trustworthy as the email accounts managed by the same providers. Which, in a world of Business Email Compromise (BEC), phishing and a majority of cyberattacks executed via email, isn’t necessarily the standard we’d like to see applied to food safety, bank accounts, or medicine.
Because governments and companies require accountability, they have largely given preference to the CA model in legislation and procedures. Let’s Encrypt has created such a CA and put it into the hands of public interest intermediaries, namely the Linux Foundation, Mozilla, and the EFF. They turned CA into a public service, run by a group of organisations that play important roles in shaping technology for the world at large. That’s the best possible implementation of the traditional CA model and a huge win for security online. It’s also accelerating the concentration process of Certificate Authorities, with smaller CAs being acquired or struggling to protect themselves against being compromised.
Much like banks are central authorities of the financial world, Certificate Authorities are central intermediaries of digital trust. Can we reduce concentration along with our reliance on intermediaries and democratise that trust? What if there were hundreds, perhaps even thousands of federated Certificate Authorities bound together into a mesh that provides keys to services and users across the world? Such a network would have to agree on a common set of information which would need to be sufficiently resistant against tampering. It would need a trust machine. So we tried to build one.
Vereign started in late 2017 to explore what such a distributed Certificate Authority might look like and whether it could combine the strengths of the traditional CA approach with that of OpenPGP. But most importantly we wanted to see whether we could make the user experience work for the masses, you know, people who are not of the technical community.
The thing is we should all be able to use Self-Sovereign Identity with Zero Knowledge Proof cheaply and easily. And while we should all be able to claim ourselves as the One True Monarch of somewhere, we really know who it really should be…. Season finale be damned!
And now We’ve really taken the whole Game of Thrones thing too far….
At least that’s our goal.
This article is one of two which has been a co-production with our advisory board member Pete Herzog of ISECOM, following a great, productive workshop in Barcelona in October ‘19.