Fixing the CA PKI


That the Certificate Authority Public Key Infrastructure (CA PKI) is broken is probably something we already know by now. Although, I would still say that it's broken by design and stuff that's broken will be exploited sooner or later so this was more or less expected.

But the PKI can't be permanently fixed, but it can be used correctly and therefore make it very hard to exploit its drawbacks. However, corporations will still be able to get hacked, companies can still preinstall root certificates so local programs can inject traffic into the users browser, and other root CA's will still be able to sign intermediate certificates to other bad companies. But what we actually can do is prevent that these methods actually works.

I'm not talking about other ways to design the infrastructure because testing in IT often means that you run it until it breaks and then try to fix it, and this is a long journey. So we should be grateful where we are today. We have been able to see the problems in the design that we built and we are constantly working to make it work better, and we really have come far.

The Problem

The CA PKI is broken because it's based on trust, and the trust chain is not completed. Trust is meant to be linked across all partys and all should agree to make it work. But in the CA PKI it does not work that way.

You see, the user is the one actually using the product. In this case a website or a executable file. But has the user ever said that they trust the responsible that signed the product? Often not. So who said that they should trust the responsible publishers?

Well, it's often the browser or the operating system. And here's where it gets tricky. Do the ones responsible for the cert store in our browsers and/or operating systems take moral decisions? For example, if a corporation has done immoral actions that threatened the privacy of people, should they be allowed to sign a domain that users are then supposed to trust?

The Fix

We have come far and there are still many things that should be done before calling the CA PKI even remotely trusted and working. However, there are interesting projects in development right now, like Certification Authority Authorization (CAA) and Certificate transparency (CT). These are two very powerful methods to detect rogue CA's that sign domains without the owners having agreed to it.

So we have the solutions but how are they being used? That's the bad news. Even though CAA and CT is something great with the goal being to make it hard to exploit the PKI, these methods must be used on a wider scale than they are today.

I think this is what we should do:

  • Force all certificate authorities to be CAA-compliant
  • Force all certificates to support CT (Chrome will soon require SCT's from EV)
  • Regular audits of a [small] public cert store that all other stores should be based on
  • Better communication between the public and the responsible for the cert stores
  • Make better use of preload-HPKP

These are easy goals to reach because we have already started. Either we fix the current PKI or we completely redesign the infrastructure. Anyway, I hope we can use the Internet in trust some day...