Slashdot Mirror
Google Researchers Propose Plan To Fix CA System
Trailrunner7 writes "The security industry has no shortage of hard problems to solve, but the one getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate issued. The system proposed by Google's Adam Langley and Ben Laurie (PDF) comprises three separate ideas, but relies on the creation of a publicly viewable log of every public certificate that's issued by a CA. There could be any number of public logs of these certificates, but the logs will be structured so that they are append-only. The entries in the logs will be the end certificates in the issuance chain. In addition to the logs, the proposal includes the use of proofs that are sent with each certificate to the user's browser. Laurie and Langley haven't defined exactly what the proof would look like, but suggest that it could be an extra certificate or a TLS extension."
Did anyone else read this as "Google plans to fix California"?
No? Oh well.
"Bob has a problem requiring secure communication. He decides to use certificates. Now Bob has two problems."
The new certificate system will be invitation-only, and then will be shut down.
In soviet russia the government regulates the companies.
Age verification is censorship.
To offset political mods, replace Flamebait with Insightful.
So eventually it will be certificates all the way down.
I eat only the real part of complex carbohydrates.
But that would admittedly be a pretty boring episode. And not the sort of thing he usually worries about.