Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model

Roosa, Steven B.; Schultze, Stephen

doi:10.2139/ssrn.2249042

Download This Paper

Open PDF in Browser

Add Paper to My Library

Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model

14 Pages Posted: 13 Apr 2013

See all articles by Steven B. Roosa

Stephen Schultze

Georgetown University Law Center; Princeton University; Harvard University

Date Written: April 11, 2013

Abstract

For more than a decade, Internet users have relied upon digital certificates issued by certificate authorities to encrypt and authenticate their most valuable communications. Computer security experts have lambasted weaknesses in the system since its inception. A series of recent exploits have brought several problems back into stark focus. This paper describes some of the proposed technology-based improvements, as well as the structural shortcomings of the trust model – legal, economic, and organizational. We explore some of these structural defects in the context of lessons learned over the lifetime of the certificate authority trust model, and propose first steps toward fixes and next steps for study.

Suggested Citation: Suggested Citation

Roosa, Steven B. and Schultze, Stephen, Trust Darknet: Control and Compromise in the Internet's Certificate Authority Model (April 11, 2013). Available at SSRN: https://ssrn.com/abstract=2249042 or http://dx.doi.org/10.2139/ssrn.2249042